Log analysis and evaluation: Internet programs cannot be opened or the connection is dropped (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.02.2015, 20:23 | #1 |
Internet programs cannot be opened or the connection is dropped

Hello and good day to the many helpful people here. I have the following problem: for several days now, a number of internet programs can no longer be opened on my PC, for example my email center from t-online. Googlemail, on the other hand, works. With a browser game that I sometimes play (RisingCity), I can only log in with difficulty; several attempts are needed. Once I have finally got the game running, the internet connection drops very frequently. The current weather and similar things do not work either. Access to my bank account, on the other hand, works. I am quite at a loss and very grateful for any help. The log files: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015 Ran by User (administrator) on PC-23821 on 23-02-2015 19:15:58 Running from C:\Users\User\Desktop Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.2.7\LavasoftTcpService.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (McAfee, Inc.) 
C:\Windows\System32\mfevtps.exe () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Apple Inc.) C:\Program Files\iTunes\iTunes.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3921552 2012-06-04] (VIA) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] () HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1298240 2015-02-18] (Lavasoft) HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2337261035-4237212436-276764820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022215-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005 HKU\S-1-5-21-2337261035-4237212436-276764820-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2337261035-4237212436-276764820-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D022215-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms} SearchScopes: HKU\S-1-5-21-2337261035-4237212436-276764820-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D022215-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms} SearchScopes: HKU\S-1-5-21-2337261035-4237212436-276764820-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 23 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A8985A77-4CE0-42F5-BA3B-EAE5464256A3}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default FF NewTab: about:blank FF DefaultSearchEngine: Bing FF Homepage: https://de.yahoo.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Easy YouTube MP3 Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\5@thumbpro.net.xpi [2014-02-14] FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\firefox@ghostery.com.xpi [2014-02-14] FF Extension: ClixAddon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\jid1-wKRSK9TpFpr9Hw@jetpack.xpi [2014-06-14] FF Extension: YouTube to MP3 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-02-14] FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2014-02-14] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-02-14] FF Extension: Speed Dial - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-02-14] FF Extension: Date Picker/Calendar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}.xpi [2014-02-14] FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-14] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-20] FF HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security 
Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-29] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-29] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-29] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-29] CHR Extension: (Page Eraser) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2014-12-06] CHR Extension: (NCapture) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2014-12-06] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-29] CHR Extension: (Minimal Memory) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipgklkggfaokcoipmecomffdpebimle [2014-11-29] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-29] CHR Extension: (BuyNsave) - C:\ProgramData\mklnhcinkfhmcbmboaimenmhkjdolpcc\ [2014-03-29] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.2.7\LavasoftTcpService.exe [1516104 2015-02-18] (Lavasoft Limited) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) 
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG) R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-02-18] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-12-06] (Emsisoft GmbH) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-06] (Emsisoft GmbH) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.) 
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1832560 2012-05-04] (VIA Technologies, Inc.) R2 WinRing0_1_2_0; C:\Users\User\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0.sys [14416 2014-02-13] (OpenLibSys.org) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-23 19:15 - 2015-02-23 19:16 - 00018587 _____ () C:\Users\User\Desktop\FRST.txt 2015-02-23 19:15 - 2015-02-23 19:15 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion 2015-02-23 19:12 - 2015-02-23 19:14 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log 2015-02-23 19:12 - 2015-02-23 19:12 - 00000000 _____ () C:\Users\User\defogger_reenable 2015-02-23 19:05 - 2015-02-23 19:05 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe 2015-02-23 17:47 - 2015-02-23 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-02-23 07:34 - 2015-02-23 18:52 - 00043929 _____ () C:\Windows\WindowsUpdate.log 2015-02-22 07:39 - 2015-02-22 07:39 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-02-22 07:39 - 2015-02-22 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-02-22 07:39 - 2015-02-22 07:39 - 00000000 ____D () C:\Program Files\CCleaner 2015-02-22 07:33 - 2015-02-22 07:33 - 00005160 _____ () C:\Windows\system32\LavasoftTcpService.ini 2015-02-22 07:33 - 2015-02-22 07:33 - 00002856 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini 2015-02-22 07:33 - 2015-02-22 07:33 - 00000000 ____D () C:\Users\User\AppData\Local\Lavasoft 2015-02-22 07:33 - 2015-02-18 11:55 - 00326240 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll 2015-02-22 07:28 - 2015-02-22 
07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-02-22 07:28 - 2015-02-22 07:28 - 00000000 ____D () C:\Program Files\Lavasoft 2015-02-22 07:24 - 2015-02-22 07:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lavasoft 2015-02-22 07:24 - 2015-02-22 07:24 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-02-22 07:19 - 2015-02-22 07:19 - 00668120 _____ () C:\Users\User\Downloads\ccsetup502_CB-DL-Manager.exe 2015-02-17 18:21 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-17 18:21 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-17 18:21 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-12 09:31 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 09:31 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-11 07:15 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 07:15 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 07:15 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 07:15 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 07:15 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 07:15 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 07:15 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 07:15 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 07:15 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) 
C:\Windows\system32\msaudite.dll 2015-02-11 07:15 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 07:15 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 07:15 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 07:15 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 07:13 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 07:13 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 07:13 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 07:13 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 07:13 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 07:13 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 07:13 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 07:13 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 07:13 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-02-11 07:13 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 07:13 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 07:13 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 07:13 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 07:13 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2015-02-11 07:13 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 07:13 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 07:13 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 07:13 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 07:12 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 07:12 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 07:12 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 07:12 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 07:12 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 07:12 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 07:12 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 07:12 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 07:12 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 07:12 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 07:12 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 07:12 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 07:12 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 07:12 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2015-02-11 07:12 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 07:12 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 07:12 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 07:12 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 07:12 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 07:12 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 07:12 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 07:12 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 07:12 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 07:12 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 07:12 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 07:12 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 07:12 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 07:12 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 07:11 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 07:11 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 07:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 07:11 - 2014-07-07 02:40 - 00179200 _____ 
(Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 07:11 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-01-30 09:47 - 2015-01-30 09:47 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-01-26 19:50 - 2015-01-26 19:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-23 19:16 - 2015-01-06 11:16 - 00000000 ____D () C:\FRST 2015-02-23 19:15 - 2015-01-06 11:15 - 01126912 _____ (Farbar) C:\Users\User\Desktop\FRST.exe 2015-02-23 19:14 - 2014-03-29 17:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-23 18:34 - 2014-02-13 19:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-23 18:27 - 2014-02-21 14:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-02-23 17:38 - 2014-12-30 19:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-23 17:38 - 2014-03-29 17:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-23 07:39 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-23 07:39 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-23 07:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-22 18:34 - 2015-01-10 18:07 - 00000000 ____D () C:\Users\User\Documents\neorefs 2015-02-22 07:41 - 2014-02-13 12:03 - 00000000 ____D () C:\Windows\Panther 2015-02-18 16:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing 2015-02-16 21:42 - 2015-01-11 16:38 - 00000000 ____D () C:\Users\User\Documents\BFZ2015 2015-02-15 21:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-02-12 09:19 - 2009-07-14 
05:33 - 00296688 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 09:18 - 2014-12-11 07:54 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 09:18 - 2014-05-25 02:22 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 09:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-02-11 22:46 - 2014-02-13 14:47 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-11 22:40 - 2014-02-13 14:47 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-05 08:34 - 2014-02-13 19:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-05 08:34 - 2014-02-13 19:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-02-05 07:05 - 2014-03-20 13:12 - 00000000 ____D () C:\Program Files\McAfee 2015-01-30 09:45 - 2014-10-17 10:05 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-01-30 09:45 - 2014-02-13 19:18 - 00000000 ____D () C:\Program Files\Java 2015-01-27 06:55 - 2014-02-13 19:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-24 10:15 - 2015-01-10 17:51 - 00001334 _____ () C:\Users\Public\Desktop\Neobux Referrals Handy Manager.lnk 2015-01-24 10:15 - 2015-01-10 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neobux Referrals Handy Manager 2015-01-24 10:15 - 2015-01-10 17:50 - 00000000 ____D () C:\Program Files\Neobux Referrals Handy Manager ==================== Files in the root of some directories ======= 2014-08-14 20:07 - 2014-08-14 20:07 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-15 21:15
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015 Ran by User at 2015-02-23 19:17:33 Running from C:\Users\User\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Web Companion (Version: 1.1.885.1766 - Lavasoft) Hidden Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) Amazon Kindle (HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
CasinoClub (HKLM\...\CasinoClub ) (Version: - GtechG2) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) D-i-v-X AVI Codec Pack Pro 2.4.0 (HKLM\...\D-i-v-X - AVI Codec Pack Pro) (Version: - D-i-v-X AVI Codec Pack Pro) DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) LavasoftTcpService (Version: 2.3.2.7 - Lavasoft) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Neobux Referrals Handy Manager Version 2.4 (HKLM\...\{6A289DA0-E862-4C0A-BDD6-7FED910C1906}_is1) (Version: - yahiatnt) Neobux Referrals Handy Manager Version 2.4 (HKLM\...\{7D33B4DE-6D1A-4E03-B0C8-1BD4DA5C4194}_is1) (Version: - yahiatnt) Nero BurnLite 10 
(HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG) Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG) Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden Shark007 Advanced Codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.4.2 - Shark007) Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version: - ) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) Web Companion (HKLM\...\{0CCC3DEB-F976-4477-AD38-520A692B9F4D}_WebCompanion) (Version: 1.1.885.1766 - Lavasoft) WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2337261035-4237212436-276764820-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2337261035-4237212436-276764820-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\User\AppData\Local\Temp\4A27eF\temp\Download.exe No File ==================== Restore Points ========================= 16-01-2015 09:01:34 McAfee Vulnerability Scanner 27-01-2015 18:53:36 Geplanter Prüfpunkt 30-01-2015 09:42:09 McAfee Vulnerability Scanner 11-02-2015 22:37:07 Windows Update 12-02-2015 21:43:14 Windows Update 17-02-2015 21:58:36 Windows Update 22-02-2015 07:25:05 LavasoftWeCompanion ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {060E67A7-1A1F-4986-B7AA-9A0653C9AD4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.) Task: {3A334196-B827-468B-803B-0C1DA237E654} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.) Task: {7F2039DA-9ACE-41B2-9EBB-73CEA82419B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {9700A53C-3B50-49E6-84CF-838C9B0F11E2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2337261035-4237212436-276764820-1000 Task: {A87CEA36-5183-4EBC-8B05-B6826E0D926B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {A9CF4785-967B-42F9-815F-457CBDCE5760} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {F94E5ADC-722F-4E36-A006-BDA517DFEAF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-02-13 12:46 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2006-12-08 12:59 - 2006-12-08 12:59 - 00022723 _____ () C:\Windows\System32\sugi1l3.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-13 13:29 - 2012-06-04 10:25 - 00080528 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll 2014-02-13 13:29 - 2012-06-04 10:25 - 00113296 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll 2013-11-15 01:48 - 2013-11-15 01:48 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2013-11-15 01:49 - 2013-11-15 01:49 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00072512 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00176488 _____ () 
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00046408 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00033136 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00015696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll 2015-02-18 11:54 - 2015-02-18 11:54 - 00120152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll 2015-02-18 11:54 - 2015-02-18 11:54 - 00069960 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00039256 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00015208 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-02-18 11:53 - 2015-02-18 11:53 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00034152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2009-07-14 01:56 - 2009-07-14 02:16 - 00159232 _____ () C:\Windows\system32\SaMinDrv.dll 2015-01-26 19:50 - 2015-01-26 19:50 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2015-02-05 08:34 - 2015-02-05 08:34 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the 
Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2337261035-4237212436-276764820-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-2337261035-4237212436-276764820-500 - Administrator - Disabled) Gast (S-1-5-21-2337261035-4237212436-276764820-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2337261035-4237212436-276764820-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-2337261035-4237212436-276764820-1001 - Limited - Enabled) => C:\Users\UpdatusUser User (S-1-5-21-2337261035-4237212436-276764820-1000 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously 
busy for more than a second Error: (02/23/2015 03:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1030 System errors: ============= Error: (02/23/2015 05:45:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Microsoft Office Sessions: ========================= Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1030 CodeIntegrity Errors: =================================== Date: 2014-04-09 10:46:59.625 Description: Die 
Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.622 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.619 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.577 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.573 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.571 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.554 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.552 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-04-09 10:46:59.548 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.420 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 85% Total physical RAM: 2015.37 MB Available physical RAM: 292.95 MB Total Pagefile: 5037.37 MB Available Pagefile: 2114.85 MB Total Virtual: 2047.88 MB Available Virtual: 1888.09 MB ==================== Drives ================================ Drive c: (Win7) (Fixed) (Total:465.66 GB) (Free:422.61 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 32A4CD5D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
==================== Accounts: ============================= Administrator (S-1-5-21-2337261035-4237212436-276764820-500 - Administrator - Disabled) Gast (S-1-5-21-2337261035-4237212436-276764820-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2337261035-4237212436-276764820-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-2337261035-4237212436-276764820-1001 - Limited - Enabled) => C:\Users\UpdatusUser User (S-1-5-21-2337261035-4237212436-276764820-1000 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously 
busy for more than a second Error: (02/23/2015 03:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1030 System errors: ============= Error: (02/23/2015 05:45:06 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Microsoft Office Sessions: ========================= Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5772 Error: (02/23/2015 03:57:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4727 Error: (02/23/2015 03:57:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3697 Error: (02/23/2015 03:57:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/23/2015 03:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1030 CodeIntegrity Errors: =================================== Date: 2014-04-09 10:46:59.625 Description: Die 
Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.622 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.619 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.577 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.573 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.571 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.554 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.552 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-04-09 10:46:59.548 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.420 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 85% Total physical RAM: 2015.37 MB Available physical RAM: 292.95 MB Total Pagefile: 5037.37 MB Available Pagefile: 2114.85 MB Total Virtual: 2047.88 MB Available Virtual: 1888.09 MB ==================== Drives ================================ Drive c: (Win7) (Fixed) (Total:465.66 GB) (Free:422.61 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 32A4CD5D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Gabriela |
23.02.2015, 20:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet programs cannot be opened or the connection is dropped Hello and
__________________ Do you have any further logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
__________________ |
23.02.2015, 21:13 | #3 |
| Internet programs cannot be opened or the connection is dropped No, there were no detections; I do have Malwarebytes and McAfee, and they seem to be working well.
__________________ I have been reading your excellent board for quite a while whenever I have a problem. Only this time I am completely at a loss as to what the cause could be. |
23.02.2015, 21:23 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet programs cannot be opened or the connection is dropped OK, please scan with MBAR: please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
24.02.2015, 19:48 | #5 |
| Internet programs cannot be opened or the connection is dropped Many thanks for your support. I have to postpone this until tomorrow, though, as I am already dead tired and can no longer concentrate well enough. I would only make a mess of it. I just wanted to sign off briefly rather than rudely sneak away. See you soon! Sorry, but I am already stuck on this simple task. I got as far as updating the database, but the scan does not work. I get the message: "This version of Malewarebyte Anti-Rootkit requiers you to completely exit the Malwarebytes Anti-Malware Application to continue." That means I should switch MWB off, doesn't it? I cannot find how to do that; it is not listed in the system configuration. |
25.02.2015, 00:09 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet programs cannot be opened or the connection is dropped Go into the Malwarebytes menu and deactivate it. It should be hard to miss. Then repeat MBAR.
__________________ |
25.02.2015, 10:06 | #7 |
| Internet programs cannot be opened or the connection is dropped No detections: Scan finished: No malware found! I remain at a loss! A friend thinks it is a problem with the router. Would that be possible? Please excuse my dopiness once again; I am quite embarrassed that I know so little about this. |
25.02.2015, 11:00 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet programs cannot be opened or the connection is dropped Remove adware/junkware/toolbars. Delete old versions of adwCleaner and, if present, JRT beforehand, then download them afresh to the desktop! Please completely deactivate your virus scanner now, before using these tools! Step 1: adwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
25.02.2015, 12:17 | #9 |
| Internet programs cannot be opened or the connection is dropped 1. Adw cleaner Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 25/02/2015 um 11:58:19 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-02-18.3 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86) # Benutzername : User - PC-23821 # Gestarted von : C:\Users\User\Desktop\AdwCleaner_4.111.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\mklnhcinkfhmcbmboaimenmhkjdolpcc ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17631 -\\ Mozilla Firefox v36.0 (x86 de) [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.8QHlZHcSscy5vgkB.scode", "try{(function(){try{var 
url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...] [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Ujim9gqAqSQypu7Z.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...] [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app50611%22%3A%22app50[...] [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_geolocation.expiration", "Tue Feb 03 2015 07:47:08 GMT+0100"); [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_geolocation.value", "%22DE%22"); [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_metadata.expiration", "Fri Jan 30 2015 17:30:11 GMT+0100"); [jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A50611%2C%22appName%22%3A%22CrowdFlowe[...] 
[jtjjhqi3.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.thankyou", "hxxp://crossrider.com/thank_you/50611"); -\\ Google Chrome v39.0.2171.71 [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : mklnhcinkfhmcbmboaimenmhkjdolpcc ************************* AdwCleaner[R0].txt - [23831 Bytes] - [06/01/2015 11:20:00] AdwCleaner[R1].txt - [4440 Bytes] - [25/02/2015 11:44:58] AdwCleaner[R2].txt - [4497 Bytes] - [25/02/2015 11:50:28] AdwCleaner[S0].txt - [25016 Bytes] - [06/01/2015 11:25:39] AdwCleaner[S1].txt - [4492 Bytes] - [25/02/2015 11:58:19] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4551 Bytes] ########## Code:
FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 Ran by User (administrator) on PC-23821 on 25-02-2015 12:10:27 Running from C:\Users\User\Desktop Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.2.7\LavasoftTcpService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (McAfee, Inc.) 
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3921552 2012-06-04] (VIA) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] () HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.) 
HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1298240 2015-02-18] (Lavasoft) HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2337261035-4237212436-276764820-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D022215-A6B219395BABB4E59ADF&form=CONMHP&conlogo=CT3332005 HKU\S-1-5-21-2337261035-4237212436-276764820-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2337261035-4237212436-276764820-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Winsock: Catalog9 23 C:\Windows\system32\LavasoftTcpService.dll [326240] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A8985A77-4CE0-42F5-BA3B-EAE5464256A3}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default FF NewTab: about:blank FF DefaultSearchEngine: Google.de FF Homepage: https://de.yahoo.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\searchplugins\googlede.xml
FF Extension: Easy YouTube MP3 Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\5@thumbpro.net.xpi [2014-02-14]
FF Extension: Ghostery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\firefox@ghostery.com.xpi [2014-02-14]
FF Extension: ClixAddon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\jid1-wKRSK9TpFpr9Hw@jetpack.xpi [2014-06-14]
FF Extension: YouTube to MP3 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\youtube2mp3@mondayx.de.xpi [2014-02-14]
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2014-02-14]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-02-14]
FF Extension: Speed Dial - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-02-14]
FF Extension: Date Picker/Calendar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}.xpi [2014-02-14]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-14]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-20]
FF HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-29]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-29]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-29]
CHR Extension: (Page Eraser) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2014-12-06]
CHR Extension: (NCapture) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2014-12-06]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-29]
CHR Extension: (Minimal Memory) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipgklkggfaokcoipmecomffdpebimle [2014-11-29]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.2.7\LavasoftTcpService.exe [1516104 2015-02-18] (Lavasoft Limited)
S4 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-02-18] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax86.sys [22056 2014-12-06] (Emsisoft GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-12-06] (Emsisoft GmbH)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1832560 2012-05-04] (VIA Technologies, Inc.)
R2 WinRing0_1_2_0; C:\Users\User\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0.sys [14416 2014-02-13] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 12:10 - 2015-02-25 12:11 - 00017060 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-25 12:08 - 2015-02-25 12:08 - 00000754 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-25 12:03 - 2015-02-25 12:03 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-02-25 11:19 - 2015-02-25 11:19 - 02126848 _____ () C:\Users\User\Desktop\AdwCleaner_4.111.exe
2015-02-25 09:45 - 2015-02-25 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-25 09:42 - 2015-02-25 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-25 09:35 - 2015-02-25 09:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-24 18:59 - 2015-02-25 10:08 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-02-24 18:52 - 2015-02-24 18:56 - 16502728 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.1.1004.exe
2015-02-24 05:46 - 2015-02-25 11:59 - 00000224 _____ () C:\Windows\setupact.log
2015-02-24 05:46 - 2015-02-24 05:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-23 19:17 - 2015-02-23 19:18 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2015-02-23 19:15 - 2015-02-25 12:10 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-23 19:12 - 2015-02-23 19:12 - 00000000 _____ () C:\Users\User\defogger_reenable
2015-02-23 19:05 - 2015-02-23 19:05 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2015-02-23 07:34 - 2015-02-25 12:05 - 00153320 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 07:39 - 2015-02-22 07:39 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-22 07:39 - 2015-02-22 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-22 07:39 - 2015-02-22 07:39 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-22 07:33 - 2015-02-22 07:33 - 00005160 _____ () C:\Windows\system32\LavasoftTcpService.ini
2015-02-22 07:33 - 2015-02-22 07:33 - 00002856 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-02-22 07:33 - 2015-02-22 07:33 - 00000000 ____D () C:\Users\User\AppData\Local\Lavasoft
2015-02-22 07:33 - 2015-02-18 11:55 - 00326240 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-02-22 07:28 - 2015-02-22 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-22 07:28 - 2015-02-22 07:28 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-22 07:24 - 2015-02-22 07:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lavasoft
2015-02-22 07:24 - 2015-02-22 07:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-22 07:19 - 2015-02-22 07:19 - 00668120 _____ () C:\Users\User\Downloads\ccsetup502_CB-DL-Manager.exe
2015-02-17 18:21 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 18:21 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 18:21 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-12 09:31 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 09:31 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 07:15 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:15 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:15 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:15 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:15 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:15 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:15 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:15 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:15 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:15 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:15 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:15 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:15 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:13 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 07:13 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 07:13 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 07:13 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 07:13 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 07:13 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 07:13 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 07:13 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 07:13 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 07:13 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:13 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 07:13 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 07:13 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 07:13 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 07:13 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 07:13 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 07:13 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 07:13 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 07:12 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:12 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:12 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:12 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 07:12 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:12 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:12 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 07:12 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:12 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:12 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:12 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:12 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:12 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 07:12 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 07:12 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:12 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:12 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:12 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:12 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:12 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:12 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:12 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:12 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:12 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 07:12 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:12 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:12 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:12 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 07:11 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:11 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 07:11 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 07:11 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 07:11 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-30 09:47 - 2015-01-30 09:47 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-25 12:10 - 2015-01-06 11:16 - 00000000 ____D () C:\FRST
2015-02-25 12:10 - 2015-01-06 11:15 - 01127424 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-02-25 12:08 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 12:08 - 2009-07-14 05:34 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 12:00 - 2014-02-21 14:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-25 11:59 - 2014-03-29 17:48 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 11:59 - 2014-02-13 19:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-25 11:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 11:58 - 2015-01-06 11:19 - 00000000 ____D () C:\AdwCleaner
2015-02-25 11:34 - 2014-02-13 19:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 11:14 - 2014-03-29 17:48 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 10:08 - 2014-12-30 19:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 09:42 - 2014-12-30 19:36 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-24 20:15 - 2015-01-10 18:07 - 00000000 ____D () C:\Users\User\Documents\neorefs
2015-02-22 07:41 - 2014-02-13 12:03 - 00000000 ____D () C:\Windows\Panther
2015-02-18 16:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-16 21:42 - 2015-01-11 16:38 - 00000000 ____D () C:\Users\User\Documents\BFZ2015
2015-02-15 21:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 09:19 - 2009-07-14 05:33 - 00296688 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 09:18 - 2014-12-11 07:54 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 09:18 - 2014-05-25 02:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 09:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-11 22:46 - 2014-02-13 14:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 22:40 - 2014-02-13 14:47 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 08:34 - 2014-02-13 19:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 08:34 - 2014-02-13 19:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 07:05 - 2014-03-20 13:12 - 00000000 ____D () C:\Program Files\McAfee
2015-01-30 09:45 - 2014-10-17 10:05 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-30 09:45 - 2014-02-13 19:18 - 00000000 ____D () C:\Program Files\Java

==================== Files in the root of some directories =======

2014-08-14 20:07 - 2014-08-14 20:07 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-15 21:15

==================== End Of Log ============================

--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015
Ran by User at 2015-02-25 12:11:56
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus und Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Web Companion (Version: 1.1.885.1766 - Lavasoft) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2337261035-4237212436-276764820-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CasinoClub (HKLM\...\CasinoClub ) (Version: - GtechG2)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
D-i-v-X AVI Codec Pack Pro 2.4.0 (HKLM\...\D-i-v-X - AVI Codec Pack Pro) (Version: - D-i-v-X AVI Codec Pack Pro)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LavasoftTcpService (Version: 2.3.2.7 - Lavasoft) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neobux Referrals Handy Manager Version 2.4 (HKLM\...\{6A289DA0-E862-4C0A-BDD6-7FED910C1906}_is1) (Version: - yahiatnt)
Neobux Referrals Handy Manager Version 2.4 (HKLM\...\{7D33B4DE-6D1A-4E03-B0C8-1BD4DA5C4194}_is1) (Version: - yahiatnt)
Nero BurnLite 10 (HKLM\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden
Shark007 Advanced Codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.4.2 - Shark007)
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version: - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Web Companion (HKLM\...\{0CCC3DEB-F976-4477-AD38-520A692B9F4D}_WebCompanion) (Version: 1.1.885.1766 - Lavasoft)
WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2337261035-4237212436-276764820-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2337261035-4237212436-276764820-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\User\AppData\Local\Temp\4A27eF\temp\Download.exe No File

==================== Restore Points =========================

27-01-2015 18:53:36 Geplanter Prüfpunkt
30-01-2015 09:42:09 McAfee Vulnerability Scanner
11-02-2015 22:37:07 Windows Update
12-02-2015 21:43:14 Windows Update
17-02-2015 21:58:36 Windows Update
22-02-2015 07:25:05 LavasoftWeCompanion

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {060E67A7-1A1F-4986-B7AA-9A0653C9AD4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
Task: {3A334196-B827-468B-803B-0C1DA237E654} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-29] (Google Inc.)
Task: {7F2039DA-9ACE-41B2-9EBB-73CEA82419B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {9700A53C-3B50-49E6-84CF-838C9B0F11E2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2337261035-4237212436-276764820-1000
Task: {A87CEA36-5183-4EBC-8B05-B6826E0D926B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A9CF4785-967B-42F9-815F-457CBDCE5760} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {F94E5ADC-722F-4E36-A006-BDA517DFEAF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-02-13 12:46 - 2013-01-31 10:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2006-12-08 12:59 - 2006-12-08 12:59 - 00022723 _____ () C:\Windows\System32\sugi1l3.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00015208 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-02-18 11:53 - 2015-02-18 11:53 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00034152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2014-02-13 13:29 - 2012-06-04 10:25 - 00080528 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll 2014-02-13 13:29 - 2012-06-04 10:25 - 00113296 _____ () C:\Program 
Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll 2013-11-15 01:48 - 2013-11-15 01:48 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2013-11-15 01:49 - 2013-11-15 01:49 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00072512 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00176488 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00046408 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00033136 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll 2015-02-18 11:53 - 2015-02-18 11:53 - 00015696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll 2015-02-18 11:54 - 2015-02-18 11:54 - 00120152 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll 2015-02-18 11:54 - 2015-02-18 11:54 - 00069960 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll 2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2009-07-14 01:56 - 2009-07-14 02:16 - 00159232 _____ () C:\Windows\system32\SaMinDrv.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2337261035-4237212436-276764820-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: McAPExe => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: McNaiAnn => 2 MSCONFIG\Services: McODS => 3 MSCONFIG\Services: mcpltsvc => 2 MSCONFIG\Services: McProxy => 2 ==================== Accounts: ============================= Administrator (S-1-5-21-2337261035-4237212436-276764820-500 - Administrator - Disabled) Gast (S-1-5-21-2337261035-4237212436-276764820-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2337261035-4237212436-276764820-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-2337261035-4237212436-276764820-1001 - Limited - Enabled) => C:\Users\UpdatusUser User (S-1-5-21-2337261035-4237212436-276764820-1000 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-04-09 10:46:59.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.622 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.619 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.577 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-04-09 10:46:59.573 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.571 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.554 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.552 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.548 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-04-09 10:46:59.420 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 82% Total physical RAM: 2015.37 MB Available physical RAM: 361.62 MB Total Pagefile: 5037.37 MB Available Pagefile: 3170.34 MB Total Virtual: 2047.88 MB Available Virtual: 1886.96 MB ==================== Drives ================================ Drive c: (Win7) (Fixed) (Total:465.66 GB) (Free:424.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 32A4CD5D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
25.02.2015, 12:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | FRST fix
Please disable your virus scanner completely now, to make sure that the fix runs through cleanly!
Press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
25.02.2015, 13:11 | #11 |
| A big thank-you for your effort!
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015
Ran by User at 2015-02-25 12:47:44 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Hosts:
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 407.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:50:39 ==== |
25.02.2015, 13:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay, then control scans with MBAM and ESET, please:
Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
25.02.2015, 19:00 | #13 |
| Wow, the result is frightening!
1. MWB:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.02.2015
Suchlauf-Zeit: 13:23:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.25.04
Rootkit Datenbank: v2015.02.22.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 346669
Verstrichene Zeit: 10 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

2. ESET: duration 4 h 54 min, 51 files found
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=74450eae3c64664a8383f08abbf9914d # engine=22641 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-25 05:48:05 # local_time=2015-02-25 06:48:05 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware' # compatibility_mode=5124 16777214 100 100 8418116 111301501 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 32584856 176517676 0 0 # scanned=132117 # found=51 # cleaned=0 # scan_time=17479 sh=A475C57963DA9DAA25A8CC8534BD50FCFB52A93F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\mklnhcinkfhmcbmboaimenmhkjdolpcc\VqvgP.js.vir" sh=CBFC279BC73C697F6B3E02DBE957A2EDC0108A89 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\guCG@MOWJi.org\content\bg.js.vir" sh=E4187E98EFCADF0C3BED7CC47479CFB7446D4D16 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jtjjhqi3.default\Extensions\REFjt40@t402.com\content\bg.js.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Conduit\CT3192727\WinZipBar_DEAutoUpdateHelper.exe" sh=A660D2BC9CFF99A2B97D609819241EC0A33636E6 ft=1 fh=2f6518ca83af4ee2 vn="Variante von Win32/Toolbar.Perion.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53AQEHPL\wssetup[1].exe" sh=91F440A8F2A0FFC91EDA87FE5410B93141B1C6B0 ft=1 fh=1ce5d7cf83504dfe vn="Win32/Toolbar.Conduit.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E16LEG8Z\checktbexist[2].exe" sh=0F259E988910C29BD47DEA772DD72B6228DA8D6C ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E16LEG8Z\popup[2].htm" sh=0DBCBE5913813FDC2D89721EDF1238F0D3633848 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E16LEG8Z\popup[3].htm" sh=9EDF6CEA4131D3E7CBC3BF47FA200F4C26A9DC84 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E16LEG8Z\popup[4].htm" sh=9EDF6CEA4131D3E7CBC3BF47FA200F4C26A9DC84 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E16LEG8Z\popup[5].htm" sh=ED0FFF33D2DA9A36F99C67DB4BDF3C142E2F79DF ft=0 fh=0000000000000000 vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GDJ7K7D8\mgsqlite3[1].7z" sh=D466CE5076CDBA688A4C4FAFE614E0EAFCCF0086 ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIMPJ2YU\pack[1].7z" sh=F89D0D35647789000A23E8BD1E557BEE519A6BAE ft=1 fh=4f81c51847428f3f vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIMPJ2YU\statisticsstub[1].exe" sh=153D61D882922BA440ED0EDB0BE44F58CB47DC5B ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIMPJ2YU\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}[1].cpi" sh=9EDF6CEA4131D3E7CBC3BF47FA200F4C26A9DC84 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM6LQ7DB\popup[1].htm" sh=9EDF6CEA4131D3E7CBC3BF47FA200F4C26A9DC84 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM6LQ7DB\popup[2].htm" sh=F89D0D35647789000A23E8BD1E557BEE519A6BAE ft=1 fh=4f81c51847428f3f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GM6LQ7DB\statisticsstub[1].exe" sh=EC0C910A032DCB9B23845AABE9B869CB640D9667 ft=1 fh=433e59d18fb0499a vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HW73C0YX\4shared.com[1].exe" sh=D2F32F9F49693045A99A8388CD4B83D58B2C84B7 ft=1 fh=4b5ba5b26a7215e1 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HW73C0YX\MinibarFirefox[1].exe" sh=E5131144C59C77EBB526F92544C391D2A7578283 ft=1 fh=c506046d362e26f8 vn="Variante von Win32/Toolbar.Iminent.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5P1310L\IminentMinibarIE[1].exe" sh=010054EF2ED09126B066D9A5BCBCE87DCED1CDEB ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIUT2ICE\iminent[1].msi" sh=157508B8A2BD7ADFD48B588C50BE36CB0513EA7B ft=1 fh=959c3c22060063f9 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIUT2ICE\MinibarChrome[1].exe" sh=9EDF6CEA4131D3E7CBC3BF47FA200F4C26A9DC84 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGBCSMPF\popup[1].htm" sh=22F07DE6C6C7C6583A097A75CB3E0DF41ADEC6BE ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGBCSMPF\popup[2].htm" sh=28ABDF10F6E4C335D213FB27DD756E0975775FC5 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGBCSMPF\popup[3].htm" sh=CADCEDF9257516F8AFC7B9388C028F7EB86CE936 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y323EWTG\sweetiesetup[1].7z" sh=776C911459673F9C907472249FF41BC09847FD74 ft=1 fh=76c87a2654ce8948 vn="Variante von Win32/RBPlus.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHDIZ5WA\update1373pw[1].exe" sh=36E1E2CEA6F445E3D8E50C8CC54666A4171444C2 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Smartbar\Application\0Extension.crx" sh=AAF90AB3FFD5E3A38D143A4ED38BE254FD9F92C3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Local\Smartbar\Application\1Extension.crx" sh=22555A9067672793F946CD85FE82907B2B183413 ft=0 fh=0000000000000000 vn="Variante von Java/TrojanDownloader.Agent.NGS Trojaner" ac=I fn="C:\Alte Daten\gabriela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\6edd2235-626dab68" sh=9B56DC39344B7A57B45B832B5EE2D07B421216A6 ft=0 fh=0000000000000000 vn="HTML/WhiteSmoke evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\LocalLow\WhiteSmoke\html\english\dictClientDic\index.html" sh=7347094BB7355D843C3B590B6944158EF33010C2 ft=1 fh=d6498a4cb5105e4e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\mifkkmqk.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\Plugins\npConduitFirefoxPlugin.dll" sh=7347094BB7355D843C3B590B6944158EF33010C2 ft=1 fh=d6498a4cb5105e4e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\mifkkmqk.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}\Plugins\npConduitFirefoxPlugin.dll" sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="Variante von Win32/Conduit.SearchProtect.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Roaming\Mozilla\Firefox\Profiles\upjixywe.default-1379840510455\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}\Plugins\npConduitFirefoxPlugin.dll" sh=ACF9E9D055517B6571FB5EF39869632F5C85A2D5 ft=1 fh=c3303b6c2148f14d vn="Variante von MSIL/WebCake.B evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Roaming\Yontoo\YontooDesktop.exe" sh=7760A54D309D6F505D7A9D76BE59364E29D16343 ft=1 fh=07d18bc14c7c0804 vn="Variante von MSIL/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Roaming\Yontoo\dat\cst.exe" sh=08E9E952EB0419BAE8224A8557434914CE08025A ft=1 fh=74c0a385301045cc vn="Variante von MSIL/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\AppData\Roaming\Yontoo\dat\DIBS.dat" sh=AA72EFA7FDF9172EC2672DF1648D24986BA3D6F8 ft=1 fh=cb2c7fc8c582efb0 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\4shared_Desktop-4.0.0c.exe" sh=0FAF80293196A4C46C72C1DE49453075579C9E61 ft=1 fh=139c6af0891c2d85 vn="MSIL/Solimba.L evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\7-Zip.exe" sh=AB222109CAE61A11A8610D97C955AA21C22A9A3F ft=1 fh=5fc68e092fe0502f vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\ClixSense_Setup(1).exe" sh=AB222109CAE61A11A8610D97C955AA21C22A9A3F ft=1 fh=5fc68e092fe0502f vn="Variante von Win32/Toolbar.Conduit.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\ClixSense_Setup.exe" sh=566AD8E2C568853535F451FDD2D99614AC97798A ft=1 fh=cac44e7c0cdb3cae vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\fitz.exe" sh=3E142D6EB1164C73E6022DE37CDB4ADE3714A7FE ft=1 fh=d8c7442a6509af5c vn="Win32/Somoto.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\OnlineWeatherSetup-7rWRMgs.exe" sh=647F1F96900DF2A2FC24E8CDD2A12F1D091C58B0 ft=1 fh=57c38d4089cbb568 vn="Variante von Win32/SweetIM.I evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\sweetimsetup(1).exe" sh=647F1F96900DF2A2FC24E8CDD2A12F1D091C58B0 ft=1 fh=57c38d4089cbb568 vn="Variante von Win32/SweetIM.I evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\sweetimsetup.exe" sh=B213B35E348ADDEA9ACF41DA47AC67CE910AE4A5 ft=1 fh=1c7c2032d7ff50a6 vn="Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\travelguide_1.0_de-DE.exe" sh=A6849F9D20B4D9F68BC57B1EFD627147EEE892AD ft=1 fh=30a538e146042688 vn="Variante von Win32/Amonetize.H evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\WhiteSmokeInstaller__1302_i36133149_il1454917.exe" sh=A6849F9D20B4D9F68BC57B1EFD627147EEE892AD ft=1 fh=30a538e146042688 vn="Variante von Win32/Amonetize.H evtl. unerwünschte Anwendung" ac=I fn="C:\Alte Daten\gabriela\Downloads\WhiteSmokeInstaller__1302_i36133434_il1454917.exe" sh=B9952B43A74FBE2BA9BD46563F6C5104D3AC1A52 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipgklkggfaokcoipmecomffdpebimle\199\Qv7DGdAzE.js" sh=9DA6273BB361F8EF36B33FFB17DFDE219D7615F8 ft=1 fh=0aba3e087160d47a vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\ccsetup502_CB-DL-Manager.exe" sh=0D9B3CFF7628D66ECC338B054CEB231CC2072A7F ft=1 fh=91f669ccacb176e0 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\Open_office_Setup.exe" |
26.02.2015, 10:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What is frightening about that? Many detections in the adwcleaner quarantine and in old data. You should delete that folder...
FRST fix
Please disable your virus scanner completely now, to make sure that the fix runs through cleanly!
Press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipgklkggfaokcoipmecomffdpebimle\199\Qv7DGdAzE.js
C:\Users\User\Downloads\ccsetup502_CB-DL-Manager.exe
C:\Users\User\Downloads\Open_office_Setup.exe
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
28.02.2015, 09:12 | #15 |
| Please excuse me for having been quiet for so long, but a bad cold forced me onto the mattress.
Here is the result:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-02-2015
Ran by User at 2015-02-28 09:00:06 Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
Hosts:
*****************

HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 364.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 09:02:02 ==== |