|
Log analysis and evaluation: Windows 8, Google Chrome, ad windows open by themselves. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
22.03.2015, 18:47 | #1 |
| Windows 8, Google Chrome, ad windows open by themselves Hello everyone, I have a problem. Ad windows keep opening in Google Chrome on my laptop whenever I click on something. Small ad windows also pop up in the middle of the page; I can close them, but they reopen immediately. All of this is pretty annoying, and I already had a similar problem on my computer once before. I hope one of you can help me with my problem and tell me how to get rid of the ads. Kind regards |
22.03.2015, 19:00 | #2 |
/// the machine /// TB Trainer | Windows 8, Google Chrome, ad windows open by themselves hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
22.03.2015, 19:09 | #3 |
| Windows 8, Google Chrome, ad windows open by themselves FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Kathleena Naudascher (administrator) on IDEA-PC on 22-03-2015 19:03:19 Running from C:\Users\Kathleena Naudascher\Downloads Loaded Profiles: UpdatusUser & Kathleena Naudascher (Available profiles: UpdatusUser & Kathleena Naudascher) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe () C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Config.Msi\190012aa.rbf (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\spotify.exe () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-15] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-15] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [MyPublicWiFi] => C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe [2006784 2014-02-11] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-799327171-498388589-2427890060-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Spotify Web Helper] => C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-28] (Spotify Ltd) HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Spotify] => C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\spotify.exe [6737976 2015-02-28] (Spotify Ltd) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com URLSearchHook: [S-1-5-21-799327171-498388589-2427890060-1001] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {0BA4DAD9-F4B1-4AE5-82B9-59065D44473B} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {1386F90C-69D9-4DCE-BA23-B53C52D183EF} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {1AD775E1-CA2F-4065-8B52-FAD2B63B5D7C} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {21DC346E-2D9C-461B-8073-141AA1D01743} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-08] (Kaspersky Lab ZAO) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> 
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-08] (Kaspersky Lab ZAO) BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{444A6D31-419F-4C44-992C-6CBCD9CFC0EE}: [NameServer] 31.168.224.106,5.135.12.52 Tcpip\..\Interfaces\{687D6DB5-577F-4BCF-A162-12DFEEE7F98F}: [NameServer] 31.168.224.106,5.135.12.52 Tcpip\..\Interfaces\{873EABA1-3C46-4948-9DBF-076E3937D65C}: [NameServer] 31.168.224.106,5.135.12.52 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla 
Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-08] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-08] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-27] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-27] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-27] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-18] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Docs) - C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24] CHR Extension: (Kaspersky Protection) - C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-24] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.) 
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] () [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-08] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-08] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) S1 ndiskhaz; C:\Windows\system32\DRIVERS\ndiskhaz.sys [30536 2012-12-07] (Khalil Azzouzi) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-22 19:03 - 2015-03-22 19:04 - 00021504 _____ () C:\Users\Kathleena Naudascher\Downloads\FRST.txt 2015-03-22 19:03 - 2015-03-22 19:03 - 00000000 ____D () C:\FRST 2015-03-22 19:02 - 2015-03-22 19:02 - 02095616 _____ (Farbar) C:\Users\Kathleena Naudascher\Downloads\FRST64.exe 2015-03-12 17:43 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-03-12 17:43 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-03-12 17:43 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-03-12 17:43 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-03-12 17:42 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-03-12 17:42 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-03-12 17:42 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe 2015-03-12 17:37 - 2015-03-12 17:37 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (3).website 2015-03-12 17:37 - 2015-03-12 17:37 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (2).website 2015-03-10 20:30 - 2015-03-10 20:30 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (1).website 2015-03-10 20:12 - 2015-03-10 20:12 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup .website 2015-02-28 16:24 - 2015-03-22 15:08 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Spotify 2015-02-28 16:24 - 2015-02-28 16:24 - 00001937 _____ () C:\Users\Kathleena Naudascher\Desktop\Spotify.lnk 2015-02-28 16:24 - 2015-02-28 16:24 - 00001923 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-02-28 16:20 - 2015-03-22 18:27 - 00000000 ____D () C:\Users\Kathleena 
Naudascher\AppData\Roaming\Spotify 2015-02-28 16:15 - 2015-02-28 16:15 - 00137888 _____ (Spotify Ltd) C:\Users\Kathleena Naudascher\Downloads\SpotifySetup0.9.15.27.exe 2015-02-28 16:15 - 2015-02-28 16:15 - 00137888 _____ (Spotify Ltd) C:\Users\Kathleena Naudascher\Downloads\SpotifySetup0.9.15.27 (1).exe 2015-02-25 14:27 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls 2015-02-25 14:27 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls 2015-02-25 14:27 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-02-25 14:27 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-02-25 14:27 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-02-25 14:27 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-02-22 14:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-22 14:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-22 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-22 18:42 - 2014-09-28 08:23 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-22 18:33 - 2014-10-17 19:38 - 01893528 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-22 15:21 - 2014-10-21 17:18 - 00169984 ___SH () C:\Users\Kathleena Naudascher\Desktop\Thumbs.db 2015-03-22 15:20 - 2014-10-18 19:18 - 00244736 ___SH () C:\Users\Kathleena Naudascher\Downloads\Thumbs.db 2015-03-22 15:20 - 2014-09-27 19:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-22 15:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-14 18:54 - 2014-09-27 19:45 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-799327171-498388589-2427890060-1002 2015-03-14 18:49 - 2014-09-27 23:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-14 18:49 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-14 18:47 - 2014-09-27 20:33 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-14 18:44 - 2014-09-27 20:33 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-10 18:25 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-10 18:25 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-03-10 18:25 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-03-09 22:15 - 2014-10-04 23:58 - 00000707 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics 2015-03-09 22:13 - 2014-09-28 08:23 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-09 22:12 - 2013-08-22 15:46 - 00334864 _____ () C:\WINDOWS\setupact.log 2015-03-09 22:12 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-06 19:24 - 2014-10-18 16:07 - 00003986 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{557D8093-0BA2-4AAB-80A7-B827359BF2DD} 2015-03-04 22:24 - 2014-12-15 17:07 - 00792032 _____ (Adobe 
Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-03-04 22:24 - 2014-12-15 17:07 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-01 17:37 - 2014-10-17 19:44 - 00000000 ____D () C:\Users\Kathleena Naudascher 2015-03-01 17:36 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-23 13:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-21 14:24 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports ==================== Files in the root of some directories ======= 2014-12-24 12:31 - 2014-12-24 12:31 - 0000004 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\appdataFr2.bin 2012-10-15 21:11 - 2012-10-15 21:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Kathleena Naudascher\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\Quarantine.exe C:\Users\Kathleena Naudascher\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\sqlite3.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\TUUUninstallHelper.exe C:\Users\Kathleena Naudascher\AppData\Local\Temp\webde_onlinespeicher_setup_a201412.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-10 18:50 ==================== End Of Log ============================ --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Kathleena Naudascher at 2015-03-22 19:04:39 Running from C:\Users\Kathleena Naudascher\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo) Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden Free YouTube to MP3 Converter version 3.12.46.923 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.46.923 - DVDVideoSoft Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.) 
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{1E939186-B443-4262-A278-3C82949EA7AC}) (Version: 1.1.009.00 - Lenovo Group Limited) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo) Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - Media Downloader) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MyPublicWiFi 5.1 (HKLM-x32\...\{C08D782B-9281-406B-ABCE-326DA70B8A1F}_is1) (Version: - TRUE Software) NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Spotify (HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH) Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== 
Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-799327171-498388589-2427890060-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 09-02-2015 18:03:26 Windows Update 16-02-2015 16:20:52 Windows Update 22-02-2015 14:30:37 Windows Update 25-02-2015 17:43:48 Windows Update 14-03-2015 18:41:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {029C46DF-9132-441A-B30C-253283D0E33C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-28] (Google Inc.) Task: {11198300-9293-45A3-A4AD-543A9603FD60} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] () Task: {205E9C08-37BB-4FA5-BF71-B8B078FBA5D3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-08-08] (Lenovo) Task: {311E786B-20A7-4C08-8384-DAAAD43F19F5} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.) 
Task: {58B78652-9199-44CF-A911-CA474CB28C93} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH) Task: {6B0D627D-ED45-47AF-AAA3-511523BF7D6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {94E9E543-B3D7-4D2A-B0BD-6BD0CAE71967} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {984EA3A3-72DD-4C15-A471-B787B252A1D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-28] (Google Inc.) Task: {A0D02CF8-702A-4C9E-99B3-49D61CFFB976} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-14] (Microsoft Corporation) Task: {AFD1F675-779F-4126-875A-5C6A07438A92} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] () Task: {C3DD1BF3-64C3-42DB-A622-2B21A36026C0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-11-08] (CyberLink) Task: {D4578FFF-93A8-4E44-B48E-C502C857789F} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-08-08] () Task: {F7AF4B61-652C-4088-9AB8-5961698FFDCA} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-08-08] () Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============== 2013-12-26 18:42 - 2013-12-26 18:42 - 
00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2012-08-26 14:48 - 2012-08-26 14:48 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll 2014-10-04 23:49 - 2013-04-03 13:09 - 00756224 _____ () C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe 2015-02-28 16:24 - 2015-02-28 16:24 - 00374840 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll 2012-10-15 21:00 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-10-28 16:36 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll 2014-10-28 16:36 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll 2014-10-28 16:36 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll 2014-10-28 16:36 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll 2015-02-28 16:24 - 2015-02-28 16:24 - 36966968 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\libcef.dll 2015-02-28 16:24 - 2015-02-28 16:24 - 00867896 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\ffmpegsumo.dll 2015-02-28 16:24 - 2015-02-28 16:24 - 00886840 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Data\libglesv2.dll 2015-02-28 16:24 - 2015-02-28 16:24 - 00108600 _____ () C:\Users\Kathleena 
Naudascher\AppData\Roaming\Spotify\Data\libegl.dll 2014-10-28 16:36 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-799327171-498388589-2427890060-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-799327171-498388589-2427890060-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg DNS Servers: 31.168.224.106 - 5.135.12.52 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-799327171-498388589-2427890060-500 - Administrator - Disabled) Gast (S-1-5-21-799327171-498388589-2427890060-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-799327171-498388589-2427890060-1005 - Limited - Enabled) Kathleena Naudascher (S-1-5-21-799327171-498388589-2427890060-1002 - Administrator - Enabled) => C:\Users\Kathleena Naudascher UpdatusUser (S-1-5-21-799327171-498388589-2427890060-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/22/2015 06:22:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8434359 Error: (03/22/2015 06:22:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8434359 Error: (03/22/2015 06:22:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/22/2015 04:02:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1078 Error: (03/22/2015 04:02:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1078 Error: (03/22/2015 04:02:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/10/2015 08:38:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1250 Error: (03/10/2015 08:38:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1250 Error: (03/10/2015 08:38:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 
Task Scheduling Error: Continuously busy for more than a second Error: (03/10/2015 06:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 55458703 System errors: ============= Error: (03/10/2015 06:50:56 PM) (Source: DCOM) (EventID: 10010) (User: idea-PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/10/2015 06:50:25 PM) (Source: DCOM) (EventID: 10010) (User: idea-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/09/2015 10:15:02 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/09/2015 10:15:01 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/09/2015 10:15:01 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/09/2015 10:15:01 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/09/2015 10:15:01 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: 
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/09/2015 10:15:00 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/09/2015 10:14:59 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (03/09/2015 10:14:58 PM) (Source: DCOM) (EventID: 10016) (User: idea-PC) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}idea-PCKathleena NaudascherS-1-5-21-799327171-498388589-2427890060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 52% Total physical RAM: 8057.77 MB Available physical RAM: 3863.99 MB Total Pagefile: 9337.77 MB Available Pagefile: 4380.11 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:650.86 GB) (Free:546.5 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.83 GB) NTFS ==================== MBR & Partition Table ================== 
======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 11A40370) Partition: GPT Partition Type. ==================== End Of Log ============================ |
23.03.2015, 13:40 | #4 |
/// the machine /// TB-Ausbilder | Windows 8, Google Chrome, ad windows open by themselves Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
23.03.2015, 20:04 | #5 |
| Windows 8, Google Chrome, ad windows open by themselves mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 23.03.2015 18:55:04, SYSTEM, IDEA-PC, Manual, Malware Database, 2015.3.9.5, 2015.3.23.5, Error, 23.03.2015 19:14:52, SYSTEM, IDEA-PC, Protection, IsLicensed, 13, Protection, 23.03.2015 19:14:52, SYSTEM, IDEA-PC, Protection, Malware Protection, Stopping, Protection, 23.03.2015 19:14:52, SYSTEM, IDEA-PC, Protection, Malware Protection, Stopped, Scan, 23.03.2015 19:35:34, SYSTEM, IDEA-PC, Manual, Start: 23.03.2015 19:18:28, Dauer: 16 Minuten 9 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 3 Malwareerkennung, "49" nicht-Malwareerkennung, Error, 23.03.2015 19:37:22, SYSTEM, IDEA-PC, Protection, IsLicensed, 13, Protection, 23.03.2015 19:37:22, SYSTEM, IDEA-PC, Protection, Malware Protection, Stopping, Protection, 23.03.2015 19:37:22, SYSTEM, IDEA-PC, Protection, Malware Protection, Stopped, (end) Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 23/03/2015 um 19:45:47 # Aktualisiert 22/03/2015 von Xplode # Datenbank : 2015-03-23.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Kathleena Naudascher - IDEA-PC # Gestarted von : C:\Users\Kathleena Naudascher\Downloads\AdwCleaner_4.113 (1).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Downloader Ordner Gelöscht : C:\Program Files (x86)\Media Downloader ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Downloader_is1 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v38.0.2125.111 ************************* AdwCleaner[R0].txt - [19623 Bytes] - [24/12/2014 12:25:18] AdwCleaner[R1].txt - [1786 Bytes] - [23/03/2015 19:27:25] AdwCleaner[R2].txt - [1799 Bytes] - [23/03/2015 19:43:55] AdwCleaner[S0].txt - [17603 Bytes] - [24/12/2014 12:26:27] AdwCleaner[S1].txt - [1717 Bytes] - [23/03/2015 19:45:47] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1776 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.6 (03.22.2015:1) OS: Windows 8.1 x64 Ran by Kathleena Naudascher on 23.03.2015 at 19:59:05,26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\WINDOWS\prefetch\WEB.DE_TOOLBAR_SINGLE_SETUP.E-2ADB7DA0.pf ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.03.2015 at 20:04:21,16 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
24.03.2015, 10:07 | #6 |
/// the machine /// TB-Ausbilder | Windows 8, Google Chrome, ad windows open by themselves ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any remaining problems?
__________________ --> Windows 8, Google Chrome, ad windows open by themselves |
31.03.2015, 19:05 | #7 |
| Windows 8, Google Chrome, ad windows open by themselves Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=a501ffe5ef9f6e4b87f2687a2a094d5a # engine=23061 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-24 09:36:21 # local_time=2015-03-24 10:36:21 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Anti-Virus' # compatibility_mode=1297 16777213 100 100 100145 31309263 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 102325 52114274 0 0 # scanned=208224 # found=45 # cleaned=0 # scan_time=4647 sh=E43A203200E95A39D90D0C5CAD590B1FA7CB3E81 ft=1 fh=32eff618108944a1 vn="Win32/Bundlore.Q evtl. unerwünschte Anwendung" ac=I fn="C:\09d94a20-a6b9-4c08-9c37-380a4bc1dc78\InstallerHelper.dll" sh=A41D5CC16FE437C28DF221D70F8116A969EF5817 ft=1 fh=f138ec55a0074c93 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\FastPlayer.exe.vir" sh=325630C371D8E26BB699A7BE67894E0AA15C4004 ft=1 fh=7992b8d2c517a0ee vn="Variante von MSIL/NewPlayer.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe.vir" sh=7E3006A3E9518195A56DF0A3BA0F1F3365E8EC28 ft=1 fh=ef7079c6c55b225a vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\fastUpdater.exe.vir" sh=DBAE067FA9F72487D9331D77AFE14E3C6D77AE6F ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir" sh=13D795C2E726FEC7BE8B15EADDEA20B893C45464 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir" sh=7B232CE8AADD3DFEF4332F4AA682D7E4661B5B76 ft=1 fh=c36edcfe6eb90aca vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_292\mbot_de_292.exe.vir" sh=7DAC3DF676BE2FCABB271C896A8210C9D9083C86 ft=1 fh=dfed4c4cb297ef44 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_292\mybestofferstoday_widget.exe.vir" sh=0BEABE65149E7339AF1239F698EB32059320A2BE ft=1 fh=413869d4c508ba57 vn="Win32/Adware.EoRezo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_292\predm.exe.vir" sh=6B077A2100E06DEA1ECC3A7F9A2F05212486FF9C ft=1 fh=c9a915b4dabd43db vn="Variante von MSIL/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir" sh=14371057BBB256EE0931AD143BA338F5F811CF21 ft=1 fh=e2df507b759ac87d vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir" sh=80F498B17EA97B1E425A870FE248A034A20729EF ft=1 fh=b672385cfc4ca0a6 vn="Variante von Win32/SProtector.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir" sh=C22837A3D752C138E80A365848636E3FB2DA7154 ft=1 fh=4be29cbaab22e33e vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir" sh=E901998362D225B8B087BE7FCC50F8C28DB48D70 ft=1 fh=47cf3d21604d7bd8 vn="Win32/Adware.AlimenMain.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PepperZip\PepperZip.exe.vir" sh=21CAB45134CBAB08DA9DEF13EECAC86B46F3E669 ft=1 fh=5fc65ef6698c7c41 vn="Win32/Thinknice.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=1727DEA1E7C028D11876CFC42F3553C3C6718467 ft=1 fh=f9e5b6a85939375c vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=2FC3A5E92137A2B80A59D68B7C62C774C50FFE00 ft=1 fh=938e1c7bdaa228ad vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir" sh=AC10B08D85151D7FCACECAEB84CE28DFBB20413B ft=1 fh=49a04a2a1e74a8eb vn="Win32/Thinknice.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir" sh=6796FD43F04FE933E9155F5DD9B5B928E8C1AC71 ft=1 fh=0691f007be75c371 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=147893B2EC59DC338295C9DB77760076F7817A79 ft=1 fh=f16cf01e720a3dcc vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=43B2963293CE3865C32132A4802B92531C16D256 ft=1 fh=e1d0248c77f0c9d9 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=9AE9A2C0B8241366357206097FD312B5671FCAE8 ft=1 fh=dc7a3c84863e13b7 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir" sh=60B5EB2B43DD57F7FCA5BCB2FA1848F129E8E001 ft=1 fh=ae6dcb3caea0167c vn="Variante von Win32/ELEX.BU evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\eUninstall.exe.vir" sh=66AE7020991466E365531E01821D1721FF10F7A9 ft=1 fh=2b6131bebc979372 vn="Win32/ELEX.BF evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir" sh=36D9F4A3B13AFC47D1E28A81CF00AC38B82C54E0 ft=1 fh=ee02773919a25ace vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir" sh=7C9829CA4CA11A57C9C4AEF4AFC608D94816EA2C ft=1 fh=c71c0011f9f393a1 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\LucokYaShoePPueer\Hpm7xjplJITvxW.dll.vir" sh=B27BFCAF24EEB1EF17A8718A931CEFB3A091541F ft=1 fh=adfcc85152c5b167 vn="Variante von Win64/Adware.MultiPlug.E Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\LucokYaShoePPueer\Hpm7xjplJITvxW.x64.dll.vir" sh=840AFFDAB9EC0C90855D24A7275137ECD909780A ft=1 fh=c71c0011c6fac4f8 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\savingtooyou\YMNSAThLALLnZ0.dll.vir" sh=C1D7E269C9CEC47C21C557E33DD215E2A18C92E7 ft=1 fh=c71c00117580c45f vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=6C654ED07E23F02D5530FB0666614D4B351C4117 ft=1 fh=c71c0011496d5a80 vn="Variante von Win32/ELEX.BN evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir" sh=F899B587BCDCF3582E48756769BACB896B7FBB89 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjnfjgjejpcljnjjgppchmkmnikhcfa\4.87\content.js.vir" sh=63A7E2F333CAC17618D1F12E1F0A39905441CB42 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjnfjgjejpcljnjjgppchmkmnikhcfa\4.87\lsdb.js.vir" sh=644A40E5059E5A1D351D21843044D934D2FC969C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjnfjgjejpcljnjjgppchmkmnikhcfa\4.87\MDe.js.vir" sh=C93FB945956D3241233F257ECD5BC0A0CD586235 ft=0 fh=0000000000000000 vn="JS/Trackware.Agent.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.4_0\js\inject.js.vir" sh=F94283B8B8E911028F3F042E21ADB33D117C903E ft=1 fh=182c105ec765d9dc vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\upmbot_de_292.exe.vir" sh=D343D142C9F28B74091332243CA0FFEDC671F000 ft=1 fh=af1562b5657bfb23 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\majmp_gentleeu.exe.vir" sh=CBFC73C55D3EE96D97A9AE6E128CB4FEF8B1FF7B ft=1 fh=5a6df896a89469e4 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\setup_recover_mbot_de_316.exe.vir" sh=609E62EB551763DC5AAD71D7211010A1924E07FA ft=1 fh=9b3b6423c1934b87 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\setup_recover_mbot_de_339.exe.vir" sh=D50A9F39D3F97DA29DCDDDBC35566EF2B6726E7D ft=1 fh=ee99bd7ca57f2792 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\setup_recover_rec_de_1.exe.vir" sh=A148FE16E5DB3B6F67AC7BFEB0A918BE9E3ABEC7 ft=1 fh=3d0f5b1f98dab79f vn="Win32/Verti.K evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\StormWatch\StormWatchApp.exe.vir" sh=20509FA2B69F4F520808C47C8512FA95C6CCBD89 ft=1 fh=fbea23574f0e2b5a vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Roaming\VOPackage\Uninstall.exe.vir" sh=5CCB9731EC20557DB3FEFF252E242B88304D332F ft=1 fh=2cc794e5e89412cf vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Roaming\VOPackage\VOPackage.exe.vir" sh=B833F44CE69317D2EC5646B20FE4152E8AE873C0 ft=1 fh=5fb152e47822e3d6 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\Downloads\free_download_facebook_passsteal_v3.0_free_download_downloader (1).exe" sh=768912EF33762E6C8A248E2E78E0884C2773D211 ft=1 fh=67379acb4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_avs-video-editor.exe" sh=F12BEBB62B73ABDC3397C0F31D503D014325957E ft=1 fh=ff5619bb0adebd81 vn="Win32/SoftonicDownloader.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_videopad-video-editor.exe" ESETSmartInstaller@High as downloader log: Can not read file from internet.ESETSmartInstaller@High as downloader log: Can not read file from internet.# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=a501ffe5ef9f6e4b87f2687a2a094d5a # engine=23172 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-31 06:34:31 # local_time=2015-03-31 08:34:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Kaspersky Anti-Virus' # compatibility_mode=1297 16777213 100 100 5952 31903152 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 696214 52708163 0 0 # scanned=215271 # found=59 # cleaned=0 # scan_time=5129 sh=E43A203200E95A39D90D0C5CAD590B1FA7CB3E81 ft=1 fh=32eff618108944a1 vn="Win32/Bundlore.Q evtl. unerwünschte Anwendung" ac=I fn="C:\09d94a20-a6b9-4c08-9c37-380a4bc1dc78\InstallerHelper.dll" sh=A41D5CC16FE437C28DF221D70F8116A969EF5817 ft=1 fh=f138ec55a0074c93 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\FastPlayer.exe.vir" sh=325630C371D8E26BB699A7BE67894E0AA15C4004 ft=1 fh=7992b8d2c517a0ee vn="Variante von MSIL/NewPlayer.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe.vir" sh=7E3006A3E9518195A56DF0A3BA0F1F3365E8EC28 ft=1 fh=ef7079c6c55b225a vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\fastUpdater.exe.vir" sh=DBAE067FA9F72487D9331D77AFE14E3C6D77AE6F ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir" sh=13D795C2E726FEC7BE8B15EADDEA20B893C45464 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir" sh=7B232CE8AADD3DFEF4332F4AA682D7E4661B5B76 ft=1 fh=c36edcfe6eb90aca vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_292\mbot_de_292.exe.vir" sh=7DAC3DF676BE2FCABB271C896A8210C9D9083C86 ft=1 fh=dfed4c4cb297ef44 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_292\mybestofferstoday_widget.exe.vir" sh=0BEABE65149E7339AF1239F698EB32059320A2BE ft=1 fh=413869d4c508ba57 vn="Win32/Adware.EoRezo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_292\predm.exe.vir" sh=6B077A2100E06DEA1ECC3A7F9A2F05212486FF9C ft=1 fh=c9a915b4dabd43db vn="Variante von MSIL/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir" sh=14371057BBB256EE0931AD143BA338F5F811CF21 ft=1 fh=e2df507b759ac87d vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir" sh=80F498B17EA97B1E425A870FE248A034A20729EF ft=1 fh=b672385cfc4ca0a6 vn="Variante von Win32/SProtector.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir" sh=C22837A3D752C138E80A365848636E3FB2DA7154 ft=1 fh=4be29cbaab22e33e vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir" sh=E901998362D225B8B087BE7FCC50F8C28DB48D70 ft=1 fh=47cf3d21604d7bd8 vn="Win32/Adware.AlimenMain.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PepperZip\PepperZip.exe.vir" sh=21CAB45134CBAB08DA9DEF13EECAC86B46F3E669 ft=1 fh=5fc65ef6698c7c41 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=1727DEA1E7C028D11876CFC42F3553C3C6718467 ft=1 fh=f9e5b6a85939375c vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=2FC3A5E92137A2B80A59D68B7C62C774C50FFE00 ft=1 fh=938e1c7bdaa228ad vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir" sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir" sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir" sh=AC10B08D85151D7FCACECAEB84CE28DFBB20413B ft=1 fh=49a04a2a1e74a8eb vn="Win32/Thinknice.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir" sh=6796FD43F04FE933E9155F5DD9B5B928E8C1AC71 ft=1 fh=0691f007be75c371 vn="Variante von Win32/Thinknice.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=147893B2EC59DC338295C9DB77760076F7817A79 ft=1 fh=f16cf01e720a3dcc vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir" sh=43B2963293CE3865C32132A4802B92531C16D256 ft=1 fh=e1d0248c77f0c9d9 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=9AE9A2C0B8241366357206097FD312B5671FCAE8 ft=1 fh=dc7a3c84863e13b7 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir" sh=60B5EB2B43DD57F7FCA5BCB2FA1848F129E8E001 ft=1 fh=ae6dcb3caea0167c vn="Variante von Win32/ELEX.BU evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\eUninstall.exe.vir" sh=66AE7020991466E365531E01821D1721FF10F7A9 ft=1 fh=2b6131bebc979372 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir" sh=36D9F4A3B13AFC47D1E28A81CF00AC38B82C54E0 ft=1 fh=ee02773919a25ace vn="Variante von Win32/ELEX.Y evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir" sh=B27BFCAF24EEB1EF17A8718A931CEFB3A091541F ft=1 fh=adfcc85152c5b167 vn="Variante von Win64/Adware.MultiPlug.E Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\LucokYaShoePPueer\Hpm7xjplJITvxW.x64.dll.vir" sh=840AFFDAB9EC0C90855D24A7275137ECD909780A ft=1 fh=c71c0011c6fac4f8 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\savingtooyou\YMNSAThLALLnZ0.dll.vir" sh=C1D7E269C9CEC47C21C557E33DD215E2A18C92E7 ft=1 fh=c71c00117580c45f vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=6C654ED07E23F02D5530FB0666614D4B351C4117 ft=1 fh=c71c0011496d5a80 vn="Variante von Win32/ELEX.BN evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir" sh=F899B587BCDCF3582E48756769BACB896B7FBB89 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjnfjgjejpcljnjjgppchmkmnikhcfa\4.87\content.js.vir" sh=63A7E2F333CAC17618D1F12E1F0A39905441CB42 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjnfjgjejpcljnjjgppchmkmnikhcfa\4.87\lsdb.js.vir" sh=644A40E5059E5A1D351D21843044D934D2FC969C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjnfjgjejpcljnjjgppchmkmnikhcfa\4.87\MDe.js.vir" sh=C93FB945956D3241233F257ECD5BC0A0CD586235 ft=0 fh=0000000000000000 vn="JS/Trackware.Agent.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh\1.2.4_0\js\inject.js.vir" sh=F94283B8B8E911028F3F042E21ADB33D117C903E ft=1 fh=182c105ec765d9dc vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\upmbot_de_292.exe.vir" sh=D343D142C9F28B74091332243CA0FFEDC671F000 ft=1 fh=af1562b5657bfb23 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\majmp_gentleeu.exe.vir" sh=CBFC73C55D3EE96D97A9AE6E128CB4FEF8B1FF7B ft=1 fh=5a6df896a89469e4 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\setup_recover_mbot_de_316.exe.vir" sh=609E62EB551763DC5AAD71D7211010A1924E07FA ft=1 fh=9b3b6423c1934b87 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\setup_recover_mbot_de_339.exe.vir" sh=D50A9F39D3F97DA29DCDDDBC35566EF2B6726E7D ft=1 fh=ee99bd7ca57f2792 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\mbot_de_292\Download\setup_recover_rec_de_1.exe.vir" sh=A148FE16E5DB3B6F67AC7BFEB0A918BE9E3ABEC7 ft=1 fh=3d0f5b1f98dab79f vn="Win32/Verti.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Local\StormWatch\StormWatchApp.exe.vir" sh=A21A4B293BEAB4F5284B72D7B4DDDAE3B3BE33CC ft=1 fh=d8935c7412d17e1c vn="Variante von Win32/Toolbar.CrossRider.BM evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Roaming\RHEng\1A9185A481974A11B8766F87D9C98241\setup.exe.vir" sh=20509FA2B69F4F520808C47C8512FA95C6CCBD89 ft=1 fh=fbea23574f0e2b5a vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Roaming\VOPackage\Uninstall.exe.vir" sh=5CCB9731EC20557DB3FEFF252E242B88304D332F ft=1 fh=2cc794e5e89412cf vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kathleena Naudascher\AppData\Roaming\VOPackage\VOPackage.exe.vir" sh=FCF577CE410A72FFC34D688E419673B9E6C1EA54 ft=1 fh=5e7dc4dd398e10f6 vn="Variante von Win32/AdWare.SpeedingUpMyPC.S Anwendung" ac=I fn="C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe" sh=40F91F0156DF4DAE6E1C88E6D4EDAB545FACBEA1 ft=1 fh=fdae59f27eac074d vn="Variante von Win32/Adware.Vitruvian.F Anwendung" ac=I fn="C:\Program Files (x86)\PhraseFinder_1.10.0.11\Service\pfsvc.exe" sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\XTab\ProtectService.exe" sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\XTab\SupTab.dll" sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe" sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.exe" sh=6539FE78912059EEEA8BEC052425099A02BE4D23 ft=1 fh=f5f8e760980a9609 vn="Win32/ELEX.BM evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\AppData\Local\Temp\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\XTab_v4.0.exe" sh=25DFCACCCEEF0D9442463A944926FF43E2E73CBB ft=1 fh=d3fb294b0a544a5b vn="Variante von Win32/LiMo.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\093A2DB4_stp\Mar9_3069_cor_sweet-page.exe" sh=B3C944A69A09DA39AE36A9FF22B5E52C26E7594A ft=1 fh=02a9130a164d7f8e vn="Variante von Win32/AdWare.SpeedingUpMyPC.S Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\30268C20_stp\PCSpeedMaximizer_AQDE_PPI_AFD_PCSM_4TR_NO_AVG_bis.exe" sh=1968465FE5FD493AB8896AD689F511AFC6F24B89 ft=1 fh=e642521f90735bbf vn="Variante von Win32/Adware.Vitruvian.F Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\5BE86E5C_stp\phrasefinder-setup-1.10.0.11.exe" sh=B833F44CE69317D2EC5646B20FE4152E8AE873C0 ft=1 fh=5fb152e47822e3d6 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\Downloads\free_download_facebook_passsteal_v3.0_free_download_downloader (1).exe" sh=8400FDF51DA58F4597E229CCFDE1CD289B7EB21E ft=1 fh=dc0d5242811629ae vn="Variante von Win32/InstallCore.XA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\Downloads\ysd.exe" sh=768912EF33762E6C8A248E2E78E0884C2773D211 ft=1 fh=67379acb4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_avs-video-editor.exe" sh=F12BEBB62B73ABDC3397C0F31D503D014325957E ft=1 fh=ff5619bb0adebd81 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_videopad-video-editor.exe" Code:
Results of screen317's Security Check version 0.99.99
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Windows Defender
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
Adobe Reader XI
Google Chrome 38.0.2125.104
Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Privatefirewall 6.1 pfsvc.exe
Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Kathleena Naudascher (administrator) on IDEA-PC on 31-03-2015 20:55:58 Running from C:\Users\Kathleena Naudascher\Downloads Loaded Profiles: UpdatusUser & Kathleena Naudascher (Available profiles: UpdatusUser & Kathleena Naudascher) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Avanquest Software) C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe () C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe (Phrase Finder) C:\Program Files (x86)\PhraseFinder_1.10.0.11\Service\pfsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) 
C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\SpotifyCrashService.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-15] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-15] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [MyPublicWiFi] => C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe [2006784 2014-02-11] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-799327171-498388589-2427890060-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Spotify Web Helper] => C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-23] (Spotify Ltd) HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Spotify] => C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe [6701624 2015-03-23] (Spotify Ltd) HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Gameo] => C:\Users\Kathleena Naudascher\AppData\Roaming\Gameo\gameo.exe [42482176 2015-02-22] () AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms} HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms} HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms}
URLSearchHook: [S-1-5-21-799327171-498388589-2427890060-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {0BA4DAD9-F4B1-4AE5-82B9-59065D44473B} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {1386F90C-69D9-4DCE-BA23-B53C52D183EF} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {1AD775E1-CA2F-4065-8B52-FAD2B63B5D7C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {21DC346E-2D9C-461B-8073-141AA1D01743} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {FAE19063-8D76-4515-9225-1C36F888FF47} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-08] (Kaspersky Lab ZAO)
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-08] (Kaspersky Lab ZAO)
BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-08] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-27]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] () [File not signed]
R2 pfsvc_1.10.0.11; C:\Program Files (x86)\PhraseFinder_1.10.0.11\Service\pfsvc.exe [278608 2015-03-18] (Phrase Finder)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-25] (SysTool PasSame LIMITED)
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-08] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-08] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S1 ndiskhaz; C:\Windows\system32\DRIVERS\ndiskhaz.sys [30536 2012-12-07] (Khalil Azzouzi)
R1 pfnfd_1_10_0_11; C:\Windows\System32\drivers\pfnfd_1_10_0_11.sys [58232 2015-03-18] (Phrase Finder)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 20:52 - 2015-03-31 20:52 - 00852607 _____ () C:\Users\Kathleena Naudascher\Downloads\SecurityCheck (1).exe
2015-03-25 18:44 - 2015-03-25 18:44 - 00003306 _____ () C:\WINDOWS\System32\Tasks\PC Speed Maximizer Schedule
2015-03-25 18:44 - 2015-03-25 18:44 - 00000000 ____D () C:\Users\Kathleena Naudascher\Documents\PC Speed Maximizer
2015-03-25 18:44 - 2015-03-25 18:44 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\PC Speed Maximizer
2015-03-25 18:42 - 2015-03-25 18:42 - 00003870 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1427301730
2015-03-25 18:42 - 2015-03-25 18:42 - 00002091 _____ () C:\Users\Kathleena Naudascher\Desktop\Play Goodgame Empire.lnk
2015-03-25 18:42 - 2015-03-25 18:42 - 00001917 _____ () C:\Users\Kathleena Naudascher\Desktop\Gameo.lnk
2015-03-25 18:42 - 2015-03-25 18:42 - 00001903 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2015-03-25 18:42 - 2015-03-25 18:42 - 00001158 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-03-25 18:42 - 2015-03-25 18:42 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-25 18:42 - 2015-03-25 18:42 - 00000188 _____ () C:\Users\Kathleena Naudascher\Desktop\Play Games Online.url
2015-03-25 18:42 - 2015-03-25 18:42 - 00000188 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Opera Software
2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Opera Software
2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Gameo
2015-03-25 18:41 - 2015-03-31 18:58 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-25 18:41 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Gameo
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\Program Files (x86)\PhraseFinder_1.10.0.11
2015-03-25 18:39 - 2015-03-25 18:39 - 13623584 _____ () C:\Users\Kathleena Naudascher\Downloads\ysd [1].exe
2015-03-25 18:39 - 2015-03-25 18:39 - 00766640 _____ (Prog ) C:\Users\Kathleena Naudascher\Downloads\ysd.exe
2015-03-25 18:39 - 2015-03-25 18:39 - 00001140 _____ () C:\Users\Kathleena Naudascher\Desktop\PC Speed Maximizer.lnk
2015-03-25 18:39 - 2015-03-25 18:39 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\sweet-page
2015-03-25 18:39 - 2015-03-25 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2015-03-25 18:39 - 2015-03-25 18:39 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2015-03-25 18:35 - 2015-03-25 18:38 - 63662296 _____ (DVDVideoSoft Ltd. ) C:\Users\Kathleena
2015-03-24 22:13 - 2015-03-24 22:13 - 00852604 _____ () C:\Users\Kathleena Naudascher\Downloads\SecurityCheck.exe
2015-03-24 22:09 - 2015-03-24 22:09 - 02347384 _____ (ESET) C:\Users\Kathleena Naudascher\Downloads\esetsmartinstaller_deu.exe
2015-03-23 21:04 - 2015-03-23 21:04 - 00000723 _____ () C:\Users\Kathleena Naudascher\Desktop\JRT.txt
2015-03-23 20:56 - 2015-03-23 20:56 - 01388782 _____ (Thisisu) C:\Users\Kathleena Naudascher\Downloads\JRT.exe
2015-03-23 20:42 - 2015-03-23 20:42 - 00000880 _____ () C:\Users\Kathleena Naudascher\Desktop\mbam.txt
2015-03-23 20:26 - 2015-03-23 20:26 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2015-03-23 20:19 - 2015-03-23 20:19 - 02168320 _____ () C:\Users\Kathleena Naudascher\Downloads\AdwCleaner_4.113 (2).exe
2015-03-23 19:57 - 2015-03-23 19:57 - 02168320 _____ () C:\Users\Kathleena Naudascher\Downloads\AdwCleaner_4.113 (1).exe
2015-03-23 19:56 - 2015-03-23 19:57 - 02168320 _____ () C:\Users\Kathleena Naudascher\Downloads\AdwCleaner_4.113.exe
2015-03-23 19:54 - 2015-03-23 20:40 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 19:54 - 2015-03-23 19:54 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-23 19:54 - 2015-03-23 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-23 19:54 - 2015-03-23 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-23 19:54 - 2015-03-23 19:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-23 19:54 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-23 19:54 - 2015-03-17 07:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-23 19:54 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-23 19:52 - 2015-03-23 19:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kathleena Naudascher\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-23 19:51 - 2015-03-23 19:51 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Lenovo
2015-03-22 21:34 - 2015-03-22 21:34 - 00000000 ____D () C:\Users\Kathleena Naudascher\Documents\Avatar
2015-03-22 21:11 - 2015-03-22 21:11 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-03-22 21:09 - 2015-03-22 21:32 - 00000000 ____D () C:\Users\Kathleena Naudascher\Documents\Youcam
2015-03-22 20:28 - 2015-03-22 20:45 - 00000000 ____D () C:\Users\Kathleena Naudascher\Desktop\Kleiderkreisel
2015-03-22 20:27 - 2015-03-22 20:28 - 00000000 ____D () C:\Users\Kathleena Naudascher\Desktop\Programme
2015-03-22 20:04 - 2015-03-22 20:05 - 00022872 _____ () C:\Users\Kathleena Naudascher\Downloads\Addition.txt
2015-03-22 20:03 - 2015-03-31 20:56 - 00000000 ____D () C:\FRST
2015-03-22 20:03 - 2015-03-31 20:55 - 00025605 _____ () C:\Users\Kathleena Naudascher\Downloads\FRST.txt
2015-03-22 20:02 - 2015-03-22 20:02 - 02095616 _____ (Farbar) C:\Users\Kathleena Naudascher\Downloads\FRST64.exe
2015-03-18 04:42 - 2015-03-18 04:42 - 00058232 _____ (Phrase Finder) C:\WINDOWS\system32\Drivers\pfnfd_1_10_0_11.sys
2015-03-12 18:45 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-12 18:45 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-12 18:44 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-12 18:44 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-12 18:44 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-12 18:44 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-12 18:44 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-12 18:44 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-12 18:44 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-12 18:44 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-12 18:44 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-12 18:44 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-12 18:44 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-12 18:44 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-12 18:44 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-12 18:44 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-12 18:44 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-12 18:44 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-12 18:44 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-12 18:44 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-12 18:44 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-12 18:44 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-12 18:44 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-12 18:44 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-12 18:44 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-12 18:44 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-12 18:44 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-12 18:44 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-12 18:44 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-12 18:44 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-12 18:44 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-12 18:44 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:44 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-12 18:44 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-12 18:44 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:44 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-12 18:44 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-12 18:44 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-12 18:44 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-12 18:44 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-12 18:44 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-12 18:44 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-12 18:44 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-12 18:44 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-12 18:44 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-12 18:44 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-12 18:44 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-12 18:44 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-12 18:44 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-12 18:44 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-12 18:44 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-12 18:44 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-12 18:44 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-12 18:44 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-12 18:44 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-12 18:44 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-12 18:44 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-12 18:44 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-12 18:44 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-12 18:44 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-12 18:44 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-12 18:44 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-12 18:44 - 2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-12 18:44 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-12 18:44 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-12 18:44 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-12 18:44 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-12 18:44 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-12 18:43 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-12 18:43 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-12 18:43 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-12 18:43 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-12 18:43 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-12 18:43 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-12 18:43 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-12 18:43 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-12 18:43 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-12 18:43 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-12 18:43 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-12 18:43 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-12 18:43 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-12 18:43 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-12 18:43 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-12 18:43 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-12 18:43 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-12 18:43 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-12 18:43 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-12 18:43 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-12 18:43 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-12 18:43 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-12 18:43 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-12 18:43 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-12 18:43 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-12 18:43 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-12 18:43 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-12 18:43 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-12 18:43 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-12 18:43 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-12 18:43 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-12 18:43 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-12 18:43 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-12 18:43 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-12 18:43 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-12 18:43 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-12 18:43 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-12 18:43 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-12 18:43 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-12 18:43 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-12 18:43 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-12 18:43 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-12 18:43 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-12 18:43 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-12 18:43 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-12 18:43 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-12 18:43 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-12 18:43 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-12 18:43 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-12 18:43 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-12 18:43 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-12 18:43 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-12 18:43 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-12 18:43 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-12 18:43 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-12 18:43 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-12 18:43 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-12 18:43 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-12 18:43 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-12 18:42 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-12 18:42 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-12 18:42 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-12 18:42 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-12 18:42 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-12 18:42 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-12 18:42 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-12 18:42 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-12 18:42 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-12 18:42 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-12 18:42 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-12 18:42 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-12 18:42 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-12 18:37 - 2015-03-12 18:37 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (3).website
2015-03-12 18:37 - 2015-03-12 18:37 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (2).website
2015-03-10 21:30 - 2015-03-10 21:30 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (1).website
2015-03-10 21:12 - 2015-03-10 21:12 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup .website

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 20:42 - 2014-09-28 09:23 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-31 20:36 - 2014-10-17 20:38 - 01686413 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-31 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-31 19:23 - 2015-02-28 17:24 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Spotify 2015-03-31 19:12 - 2015-02-28 17:20 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify 2015-03-31 19:10 - 2014-09-27 20:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-31 19:05 - 2013-08-22 16:46 - 00335995 _____ () C:\WINDOWS\setupact.log 2015-03-31 18:59 - 2014-09-24 08:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-31 18:59 - 2014-09-24 07:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-03-31 18:59 - 2014-09-24 07:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-03-31 18:55 - 2014-10-17 20:44 - 00000000 ____D () C:\Users\Kathleena Naudascher 2015-03-31 18:55 - 2014-10-05 00:58 - 00000707 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics 2015-03-31 18:55 - 2014-09-28 09:23 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-31 18:55 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-31 18:54 - 2014-09-23 23:06 - 00030376 _____ () C:\WINDOWS\PFRO.log 2015-03-25 01:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-24 23:15 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-23 21:11 - 2014-09-27 20:45 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-799327171-498388589-2427890060-1002 2015-03-23 20:45 - 2014-12-24 13:24 - 00000000 ____D () C:\AdwCleaner 2015-03-23 20:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-03-23 20:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-23 20:14 - 2013-08-22 16:44 - 00484488 _____ () 
C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-22 21:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-22 21:12 - 2014-09-28 09:45 - 00000000 ____D () C:\ProgramData\Lenovo 2015-03-22 21:12 - 2014-09-27 20:40 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\LSC 2015-03-22 21:11 - 2012-10-15 22:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2015-03-22 21:11 - 2012-10-15 22:17 - 00000000 ____D () C:\Program Files\Lenovo 2015-03-22 21:11 - 2012-10-15 22:15 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2015-03-22 21:09 - 2012-10-15 22:31 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2015-03-22 16:21 - 2014-10-21 18:18 - 00169984 ___SH () C:\Users\Kathleena Naudascher\Desktop\Thumbs.db 2015-03-22 16:20 - 2014-10-18 20:18 - 00244736 ___SH () C:\Users\Kathleena Naudascher\Downloads\Thumbs.db 2015-03-14 19:49 - 2014-09-28 00:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-14 19:47 - 2014-09-27 21:33 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-14 19:44 - 2014-09-27 21:33 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-06 20:24 - 2014-10-18 17:07 - 00003986 _____ () 
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{557D8093-0BA2-4AAB-80A7-B827359BF2DD} 2015-03-04 23:24 - 2014-12-15 18:07 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-03-04 23:24 - 2014-12-15 18:07 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-12-24 13:31 - 2014-12-24 13:31 - 0000004 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\appdataFr2.bin 2012-10-15 22:11 - 2012-10-15 22:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Kathleena Naudascher\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\Quarantine.exe C:\Users\Kathleena Naudascher\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\sqlite3.dll C:\Users\Kathleena Naudascher\AppData\Local\Temp\TUUUninstallHelper.exe C:\Users\Kathleena Naudascher\AppData\Local\Temp\webde_onlinespeicher_setup_a201412.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-23 22:26
==================== End Of Log ============================
--- --- --- --- --- --- --- --- ---
Ad windows continue to open..... however, words are still highlighted in blue and underlined and take me to external sites when I click on them |
01.04.2015, 07:43 | #8 |
/// the machine /// TB-Ausbilder |
Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome: keep no data, let it remove the leftovers, then reinstall.
Then: https://support.google.com/chrome/answer/3296214?hl=de
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\09d94a20-a6b9-4c08-9c37-380a4bc1dc78
C:\Users\Kathleena Naudascher\Downloads\free_download_facebook_passsteal_v3.0_free_download_downloader (1).exe
C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_avs-video-editor.exe
C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_videopad-video-editor.exe
C:\Program Files (x86)\PC Speed Maximizer
C:\Program Files (x86)\PhraseFinder_1.10.0.11
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Users\Kathleena Naudascher\AppData\Local\Temp\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\XTab_v4.0.exe
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\093A2DB4_stp\Mar9_3069_cor_sweet-page.exe
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\30268C20_stp\PCSpeedMaximizer_AQDE_PPI_AFD_PCSM_4TR_NO_AVG_bis.exe
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\5BE86E5C_stp\phrasefinder-setup-1.10.0.11.exe
C:\Users\Kathleena Naudascher\Downloads\ysd.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms}
URLSearchHook: [S-1-5-21-799327171-498388589-2427890060-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-25] (SysTool PasSame LIMITED)
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations, Guides and Help, Trojaner-Board Facebook page
No help via PM! |
08.04.2015, 18:00 | #9 |
| Here is the fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Kathleena Naudascher at 2015-04-08 18:48:07 Run:1
Running from C:\Users\Kathleena Naudascher\Downloads
Loaded Profiles: UpdatusUser & Kathleena Naudascher (Available profiles: UpdatusUser & Kathleena Naudascher)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\09d94a20-a6b9-4c08-9c37-380a4bc1dc78
C:\Users\Kathleena Naudascher\DOWNLOADS\free_download_facebook_passsteal_v3.0_free_download_downloader (1).exe
C:\Users\Kathleena Naudascher\DOWNLOADS\Kathleena_140113\DOWNLOADS\SoftonicDownloader_fuer_avs-video-editor.exe
C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_videopad-video-editor.exe
C:\Program Files (x86)\PC SPEED MAXIMIZER
C:\Program Files (x86)\PhraseFinder_1.10.0.11
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Users\Kathleena Naudascher\AppData\Local\Temp\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\XTab_v4.0.exe
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\093A2DB4_stp\Mar9_3069_cor_sweet-page.exe
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\30268C20_stp\PCSpeedMaximizer_AQDE_PPI_AFD_PCSM_4TR_NO_AVG_bis.exe
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\5BE86E5C_stp\phrasefinder-setup-1.10.0.11.exe
C:\Users\Kathleena Naudascher\Downloads\ysd.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&q={searchTerms}
URLSearchHook: [S-1-5-21-799327171-498388589-2427890060-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-25] (SysTool PasSame LIMITED)
Emptytemp:
*****************

C:\09d94a20-a6b9-4c08-9c37-380a4bc1dc78 => Moved successfully.
C:\Users\Kathleena Naudascher\DOWNLOADS\free_download_facebook_passsteal_v3.0_free_download_downloader (1).exe => Moved successfully.
C:\Users\Kathleena Naudascher\DOWNLOADS\Kathleena_140113\DOWNLOADS\SoftonicDownloader_fuer_avs-video-editor.exe => Moved successfully.
C:\Users\Kathleena Naudascher\Downloads\Kathleena_140113\Downloads\SoftonicDownloader_fuer_videopad-video-editor.exe => Moved successfully.
C:\Program Files (x86)\PC SPEED MAXIMIZER => Moved successfully.
C:\Program Files (x86)\PhraseFinder_1.10.0.11 => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Users\Kathleena Naudascher\AppData\Local\Temp\158AF40F-387C-4D75-B9F1-9186769876B9mp\tmp\XTab_v4.0.exe => Moved successfully.
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\093A2DB4_stp\Mar9_3069_cor_sweet-page.exe => Moved successfully.
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\30268C20_stp\PCSpeedMaximizer_AQDE_PPI_AFD_PCSM_4TR_NO_AVG_bis.exe => Moved successfully.
C:\Users\Kathleena Naudascher\AppData\Local\Temp\is628679143\5BE86E5C_stp\phrasefinder-setup-1.10.0.11.exe => Moved successfully.
C:\Users\Kathleena Naudascher\Downloads\ysd.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
Error setting Default URLSearchHook.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
WindowsMangerProtect => Unable to stop service
WindowsMangerProtect => Service deleted successfully.
EmptyTemp: => Removed 1.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 18:48:24 ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Kathleena Naudascher (administrator) on IDEA-PC on 08-04-2015 18:58:47 Running from C:\Users\Kathleena Naudascher\Downloads Loaded Profiles: UpdatusUser & Kathleena Naudascher (Available profiles: UpdatusUser & Kathleena Naudascher) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe () C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\SpotifyCrashService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Broadcom Corporation.) 
C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-15] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-15] (Lenovo(beijing) Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [MyPublicWiFi] => C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe [2006784 2014-02-11] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-799327171-498388589-2427890060-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Spotify Web Helper] => C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-06] (Spotify Ltd) HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Gameo] => C:\Users\Kathleena Naudascher\AppData\Roaming\Gameo\gameo.exe [42482176 2015-02-22] () HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Run: [Spotify] => C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-06] (Spotify Ltd) AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429 HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1427301595&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429 HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-799327171-498388589-2427890060-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: [S-1-5-21-799327171-498388589-2427890060-1001] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> DefaultScope {6A1806CD-94D4-4689 URL = SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {0BA4DAD9-F4B1-4AE5-82B9-59065D44473B} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {1386F90C-69D9-4DCE-BA23-B53C52D183EF} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {1AD775E1-CA2F-4065-8B52-FAD2B63B5D7C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {21DC346E-2D9C-461B-8073-141AA1D01743} URL = 
hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-799327171-498388589-2427890060-1002 -> {FAE19063-8D76-4515-9225-1C36F888FF47} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9DC900429&ts=1427301613&type=default&q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-08] (Kaspersky Lab ZAO) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll No File BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-08] (Kaspersky Lab ZAO) BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll [2014-11-17] (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-08] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-08] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-08] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-27] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-27] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-27] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-799327171-498388589-2427890060-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-10-18] Chrome: ======= CHR Profile: C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Docs) - C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-24] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08] CHR Extension: (Google Wallet) - C:\Users\Kathleena Naudascher\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08] ==================== Services 
(Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-26] (Broadcom Corporation.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MyPublicWiFiService; C:\Program Files (x86)\MyPublicWiFi\PublicWiFiService.exe [756224 2013-04-03] () [File not signed] R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [X] S2 pfsvc_1.10.0.11; "C:\Program Files (x86)\PhraseFinder_1.10.0.11\Service\pfsvc.exe" [X] S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed 
from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-10-08] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-10-08] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) S1 ndiskhaz; C:\Windows\system32\DRIVERS\ndiskhaz.sys [30536 2012-12-07] (Khalil Azzouzi) R1 pfnfd_1_10_0_11; C:\Windows\System32\drivers\pfnfd_1_10_0_11.sys [58232 2015-03-18] (Phrase Finder) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] 
("CyberLink) S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-08 18:56 - 2015-04-08 18:56 - 00001813 _____ () C:\Users\Kathleena Naudascher\Desktop\chrome - Verknüpfung.lnk 2015-04-08 18:39 - 2015-04-08 18:40 - 42888784 _____ (Google Inc.) C:\Users\Kathleena Naudascher\Downloads\ChromeStandaloneSetup.exe 2015-04-08 18:34 - 2015-04-08 18:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Kathleena Naudascher\Downloads\revosetup95.exe 2015-04-08 18:34 - 2015-04-08 18:34 - 00001291 _____ () C:\Users\Kathleena Naudascher\Desktop\Revo Uninstaller.lnk 2015-04-08 18:34 - 2015-04-08 18:34 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-04-06 17:36 - 2015-04-06 17:36 - 00776792 _____ (Reimage®) C:\Users\Kathleena Naudascher\Downloads\eFixPro (1).exe 2015-04-06 17:11 - 2015-04-06 17:11 - 00004302 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater 2015-04-06 17:11 - 2015-04-06 17:11 - 00003468 _____ () C:\WINDOWS\System32\Tasks\Reimage Reminder 2015-04-06 17:11 - 2015-04-06 17:11 - 00000000 ____D () C:\Program Files\Reimage 2015-04-06 17:10 - 2015-04-06 17:11 - 00000000 ____D () C:\rei 2015-04-06 17:10 - 2015-04-06 17:11 - 00000000 ____D () C:\ProgramData\Reimage Protector 2015-04-06 17:10 - 2015-04-06 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eFix Pro 2015-04-06 17:10 - 2015-04-06 17:10 - 00000000 ____D () C:\Program Files\eFix 2015-04-06 17:09 - 2015-04-06 17:11 - 00000144 _____ () C:\WINDOWS\Reimage.ini 2015-04-06 17:09 - 2015-04-06 17:11 - 00000063 _____ () C:\WINDOWS\efix.ini 2015-04-06 17:09 - 2015-04-06 17:09 - 00776792 
_____ (Reimage®) C:\Users\Kathleena Naudascher\Downloads\eFixPro.exe 2015-04-06 16:28 - 2015-04-06 16:28 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\node-webkit 2015-04-06 16:17 - 2015-04-06 16:17 - 17385800 _____ (Google Inc.) C:\Users\Kathleena Naudascher\Downloads\picasa39-setup.exe 2015-04-06 16:17 - 2015-04-06 16:17 - 00001133 _____ () C:\Users\Public\Desktop\Picasa 3.lnk 2015-04-06 16:17 - 2015-04-06 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2015-04-06 16:14 - 2015-04-06 16:25 - 00000000 ____D () C:\Users\Kathleena Naudascher\Desktop\blumen 2015-04-06 16:07 - 2015-04-06 16:08 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-04-06 16:07 - 2015-04-06 16:07 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-03-31 20:52 - 2015-03-31 20:52 - 00852607 _____ () C:\Users\Kathleena Naudascher\Downloads\SecurityCheck (1).exe 2015-03-25 18:44 - 2015-04-06 16:45 - 00003306 _____ () C:\WINDOWS\System32\Tasks\PC Speed Maximizer Schedule 2015-03-25 18:44 - 2015-03-25 18:44 - 00000000 ____D () C:\Users\Kathleena Naudascher\Documents\PC Speed Maximizer 2015-03-25 18:44 - 2015-03-25 18:44 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\PC Speed Maximizer 2015-03-25 18:42 - 2015-04-08 18:33 - 00003850 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1427301730 2015-03-25 18:42 - 2015-04-08 18:33 - 00001074 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-03-25 18:42 - 2015-03-25 18:42 - 00001917 _____ () C:\Users\Kathleena Naudascher\Desktop\Gameo.lnk 2015-03-25 18:42 - 2015-03-25 18:42 - 00001903 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk 2015-03-25 18:42 - 2015-03-25 18:42 - 00001158 _____ () C:\Users\Public\Desktop\Opera.lnk 2015-03-25 18:42 - 2015-03-25 18:42 - 00000188 _____ () C:\Users\Kathleena Naudascher\Desktop\Play Games Online.url 2015-03-25 18:42 - 2015-03-25 18:42 - 00000188 _____ () 
C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Opera Software 2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo 2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Opera Software 2015-03-25 18:42 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Gameo 2015-03-25 18:41 - 2015-04-08 18:33 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-03-25 18:41 - 2015-03-25 18:42 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Gameo 2015-03-25 18:40 - 2015-03-25 18:40 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-03-25 18:39 - 2015-03-25 18:39 - 13623584 _____ () C:\Users\Kathleena Naudascher\Downloads\ysd [1].exe 2015-03-25 18:39 - 2015-03-25 18:39 - 00001140 _____ () C:\Users\Kathleena Naudascher\Desktop\PC Speed Maximizer.lnk 2015-03-25 18:39 - 2015-03-25 18:39 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\sweet-page 2015-03-25 18:39 - 2015-03-25 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2015-03-25 18:35 - 2015-03-25 18:38 - 63662296 _____ (DVDVideoSoft Ltd. 
) C:\Users\Kathleena 2015-03-24 22:13 - 2015-03-24 22:13 - 00852604 _____ () C:\Users\Kathleena Naudascher\Downloads\SecurityCheck.exe 2015-03-24 22:09 - 2015-03-24 22:09 - 02347384 _____ (ESET) C:\Users\Kathleena Naudascher\Downloads\esetsmartinstaller_deu.exe 2015-03-23 20:56 - 2015-03-23 20:56 - 01388782 _____ (Thisisu) C:\Users\Kathleena Naudascher\Downloads\JRT.exe 2015-03-23 20:26 - 2015-03-23 20:26 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf 2015-03-23 20:19 - 2015-03-23 20:19 - 02168320 _____ () C:\Users\Kathleena Naudascher\Downloads\AdwCleaner_4.113 (2).exe 2015-03-23 19:57 - 2015-03-23 19:57 - 02168320 _____ () C:\Users\Kathleena Naudascher\Downloads\AdwCleaner_4.113 (1).exe 2015-03-23 19:56 - 2015-03-23 19:57 - 02168320 _____ () C:\Users\Kathleena Naudascher\Downloads\AdwCleaner_4.113.exe 2015-03-23 19:54 - 2015-03-23 20:40 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-23 19:54 - 2015-03-23 19:54 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-23 19:54 - 2015-03-23 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-23 19:54 - 2015-03-23 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-23 19:54 - 2015-03-23 19:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-23 19:54 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-03-23 19:54 - 2015-03-17 07:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-03-23 19:54 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-03-23 19:52 - 2015-03-23 19:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Kathleena Naudascher\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-23 19:51 - 2015-03-23 19:51 - 00000000 ____D () C:\Users\Kathleena 
Naudascher\AppData\Local\Lenovo 2015-03-22 21:34 - 2015-03-22 21:34 - 00000000 ____D () C:\Users\Kathleena Naudascher\Documents\Avatar 2015-03-22 21:11 - 2015-03-22 21:11 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2015-03-22 21:09 - 2015-03-22 21:32 - 00000000 ____D () C:\Users\Kathleena Naudascher\Documents\Youcam 2015-03-22 20:28 - 2015-03-22 20:45 - 00000000 ____D () C:\Users\Kathleena Naudascher\Desktop\Kleiderkreisel 2015-03-22 20:27 - 2015-03-22 20:28 - 00000000 ____D () C:\Users\Kathleena Naudascher\Desktop\Programme 2015-03-22 20:04 - 2015-03-22 20:05 - 00022872 _____ () C:\Users\Kathleena Naudascher\Downloads\Addition.txt 2015-03-22 20:03 - 2015-04-08 18:58 - 00023844 _____ () C:\Users\Kathleena Naudascher\Downloads\FRST.txt 2015-03-22 20:03 - 2015-04-08 18:58 - 00000000 ____D () C:\FRST 2015-03-22 20:02 - 2015-03-22 20:02 - 02095616 _____ (Farbar) C:\Users\Kathleena Naudascher\Downloads\FRST64.exe 2015-03-18 04:42 - 2015-03-18 04:42 - 00058232 _____ (Phrase Finder) C:\WINDOWS\system32\Drivers\pfnfd_1_10_0_11.sys 2015-03-12 18:45 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe 2015-03-12 18:45 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe 2015-03-12 18:44 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-03-12 18:44 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-03-12 18:44 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-03-12 18:44 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-03-12 18:44 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-03-12 18:44 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-03-12 18:44 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) 
C:\WINDOWS\SysWOW64\atmlib.dll 2015-03-12 18:44 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-03-12 18:44 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-03-12 18:44 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-03-12 18:44 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-03-12 18:44 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-03-12 18:44 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-03-12 18:44 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-03-12 18:44 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2015-03-12 18:44 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2015-03-12 18:44 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-03-12 18:44 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-03-12 18:44 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-03-12 18:44 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-03-12 18:44 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-03-12 18:44 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2015-03-12 18:44 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll 2015-03-12 18:44 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll 2015-03-12 18:44 - 2015-01-30 03:44 - 01230336 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll 2015-03-12 18:44 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll 2015-03-12 18:44 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll 2015-03-12 18:44 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll 2015-03-12 18:44 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll 2015-03-12 18:44 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-12 18:44 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-03-12 18:44 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2015-03-12 18:44 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-12 18:44 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2015-03-12 18:44 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2015-03-12 18:44 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2015-03-12 18:44 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2015-03-12 18:44 - 2014-10-29 04:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-03-12 18:44 - 2014-10-29 04:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2015-03-12 18:44 - 2014-10-29 04:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2015-03-12 18:44 - 2014-10-29 04:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-03-12 18:44 - 2014-10-29 04:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 
2015-03-12 18:44 - 2014-10-29 04:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-03-12 18:44 - 2014-10-29 04:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe 2015-03-12 18:44 - 2014-10-29 04:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-03-12 18:44 - 2014-10-29 04:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2015-03-12 18:44 - 2014-10-29 04:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2015-03-12 18:44 - 2014-10-29 04:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll 2015-03-12 18:44 - 2014-10-29 04:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-03-12 18:44 - 2014-10-29 04:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe 2015-03-12 18:44 - 2014-10-29 04:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-03-12 18:44 - 2014-10-29 04:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-03-12 18:44 - 2014-10-29 03:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe 2015-03-12 18:44 - 2014-10-29 03:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll 2015-03-12 18:44 - 2014-10-29 03:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-03-12 18:44 - 2014-10-29 03:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll 2015-03-12 18:44 - 2014-10-29 03:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll 2015-03-12 18:44 - 2014-10-29 03:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll 2015-03-12 18:44 - 2014-10-29 03:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-03-12 18:44 - 2014-10-29 03:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll 2015-03-12 18:44 - 
2014-10-29 03:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-03-12 18:44 - 2014-10-29 02:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-03-12 18:44 - 2014-10-29 02:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll 2015-03-12 18:44 - 2014-10-29 02:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll 2015-03-12 18:44 - 2014-10-29 02:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll 2015-03-12 18:44 - 2014-10-29 02:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll 2015-03-12 18:43 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-03-12 18:43 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-03-12 18:43 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-03-12 18:43 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-03-12 18:43 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-03-12 18:43 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-03-12 18:43 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-03-12 18:43 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-03-12 18:43 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-03-12 18:43 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-03-12 18:43 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-03-12 18:43 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript9diag.dll 2015-03-12 18:43 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-03-12 18:43 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-03-12 18:43 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-03-12 18:43 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-03-12 18:43 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-03-12 18:43 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-03-12 18:43 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-03-12 18:43 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-03-12 18:43 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-03-12 18:43 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-03-12 18:43 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-03-12 18:43 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-03-12 18:43 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-03-12 18:43 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-03-12 18:43 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-03-12 18:43 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-03-12 18:43 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-03-12 18:43 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\webcheck.dll 2015-03-12 18:43 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-03-12 18:43 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-03-12 18:43 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-03-12 18:43 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-03-12 18:43 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-03-12 18:43 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-03-12 18:43 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-03-12 18:43 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2015-03-12 18:43 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2015-03-12 18:43 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll 2015-03-12 18:43 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2015-03-12 18:43 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2015-03-12 18:43 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll 2015-03-12 18:43 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll 2015-03-12 18:43 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2015-03-12 18:43 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll 2015-03-12 18:43 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-03-12 18:43 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 
2015-03-12 18:43 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-03-12 18:43 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-03-12 18:43 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-03-12 18:43 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll 2015-03-12 18:43 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll 2015-03-12 18:43 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-03-12 18:43 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-03-12 18:43 - 2014-10-29 05:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-03-12 18:43 - 2014-10-29 04:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-03-12 18:43 - 2014-10-29 03:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll 2015-03-12 18:43 - 2014-10-29 02:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll 2015-03-12 18:42 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-03-12 18:42 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-03-12 18:42 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-03-12 18:42 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-03-12 18:42 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-03-12 18:42 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-03-12 18:42 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\WMPhoto.dll 2015-03-12 18:42 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-03-12 18:42 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-03-12 18:42 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-03-12 18:42 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-03-12 18:42 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-03-12 18:42 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe 2015-03-12 18:37 - 2015-03-12 18:37 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (3).website 2015-03-12 18:37 - 2015-03-12 18:37 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (2).website 2015-03-10 21:30 - 2015-03-10 21:30 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup (1).website 2015-03-10 21:12 - 2015-03-10 21:12 - 00009522 _____ () C:\Users\Kathleena Naudascher\Downloads\Setup .website ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-08 18:56 - 2015-02-28 17:20 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\Spotify 2015-04-08 18:56 - 2014-09-24 08:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-08 18:56 - 2014-09-24 07:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-08 18:56 - 2014-09-24 07:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-08 18:55 - 2014-09-27 20:45 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-799327171-498388589-2427890060-1002 2015-04-08 18:52 - 2014-10-17 20:38 - 02093461 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-08 18:51 - 2014-09-27 20:41 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-04-08 18:50 - 2015-02-28 17:24 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Local\Spotify 2015-04-08 18:50 - 2014-10-21 18:18 - 00169984 ___SH () C:\Users\Kathleena Naudascher\Desktop\Thumbs.db 2015-04-08 18:50 - 2014-10-05 00:58 - 00000707 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics 2015-04-08 18:50 - 2014-09-28 09:23 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-08 18:49 - 2014-09-23 23:06 - 00041360 _____ () C:\WINDOWS\PFRO.log 2015-04-08 18:49 - 2013-08-22 16:46 - 00337242 _____ () C:\WINDOWS\setupact.log 2015-04-08 18:49 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-08 18:49 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-08 18:48 - 2014-10-17 20:44 - 00000000 ____D () C:\Users\Kathleena Naudascher 2015-04-08 18:45 - 2014-09-28 09:23 - 00001154 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-08 18:40 - 2014-09-28 09:23 - 00004126 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-04-08 18:40 - 2014-09-28 09:23 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-04-08 18:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-06 16:17 - 2014-09-28 09:23 - 00000000 ____D () 
C:\Users\Kathleena Naudascher\AppData\Local\Google 2015-04-06 16:17 - 2014-09-28 09:23 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-06 16:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-06 16:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-06 16:08 - 2015-02-28 17:24 - 00001937 _____ () C:\Users\Kathleena Naudascher\Desktop\Spotify.lnk 2015-04-06 16:08 - 2015-02-28 17:24 - 00001923 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-04-06 16:07 - 2014-10-18 20:21 - 00000000 ____D () C:\Users\Kathleena Naudascher\Desktop\mm 2015-03-25 01:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-23 20:45 - 2014-12-24 13:24 - 00000000 ____D () C:\AdwCleaner 2015-03-23 20:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-03-23 20:14 - 2013-08-22 16:44 - 00484488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-23 20:10 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-22 21:12 - 2014-09-28 09:45 - 00000000 ____D () C:\ProgramData\Lenovo 2015-03-22 21:12 - 2014-09-27 20:40 - 00000000 ____D () C:\Users\Kathleena Naudascher\AppData\Roaming\LSC 2015-03-22 21:11 - 2012-10-15 22:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2015-03-22 21:11 - 
2012-10-15 22:17 - 00000000 ____D () C:\Program Files\Lenovo 2015-03-22 21:11 - 2012-10-15 22:15 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2015-03-22 21:09 - 2012-10-15 22:31 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2015-03-22 16:20 - 2014-10-18 20:18 - 00244736 ___SH () C:\Users\Kathleena Naudascher\Downloads\Thumbs.db 2015-03-14 19:49 - 2014-09-28 00:22 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-14 19:47 - 2014-09-27 21:33 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-14 19:44 - 2014-09-27 21:33 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-12-24 13:31 - 2014-12-24 13:31 - 0000004 _____ () C:\Users\Kathleena Naudascher\AppData\Roaming\appdataFr2.bin 2012-10-15 22:11 - 2012-10-15 22:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-06 17:01 ==================== End Of Log ============================ --- --- --- |
09.04.2015, 08:20 | #10 |
/// the machine /// TB Trainer | Windows 8, Google Chrome, ad windows open by themselves Still having problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
12.04.2015, 17:40 | #11 |
| Windows 8, Google Chrome, ad windows open by themselves No, not so far! Thank you! |
13.04.2015, 08:37 | #12 |
/// the machine /// TB Trainer | Windows 8, Google Chrome, ad windows open by themselves
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply when visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.
Finally, a few general remarks: Change your important online passwords regularly, and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |