The ad pop-ups in Firefox and Internet Explorer seem to be fixed, judging by a few test pages I opened. The ads in Chrome are still there, though, presumably caused by the extension, which reinstalls itself immediately after being deleted.
Something else that occurred to me, though I don't want to get ahead of you:
Could it be that some adware or other is still being launched under msconfig/Services or at system startup (via the registry) when it shouldn't be?
ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9381dba806d6d84795d26966e39b6dd2
# engine=21413
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-05 02:49:33
# local_time=2014-12-05 03:49:33 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 235536 8095292 0 0
# scanned=269692
# found=94
# cleaned=0
# scan_time=17121
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=026B7B5205DD8E62052CC3A54972AB43260E6C48 ft=1 fh=c71c0011b8ef04d8 vn="Variante von Win32/Toolbar.Montiera.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dmojd16n.dll.vir"
sh=277BAA884EF5082ABBFE30429318726C03539A36 ft=1 fh=c71c0011936f6209 vn="Win32/Toolbar.Montiera.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\ocjOMmbg.dll.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lisa Z\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js.vir"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js.vir"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\torch\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js.vir"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\Lisa Z\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=9598D636C28128D64BC42CF9D448CA6D12D70B97 ft=1 fh=c71c0011a1afb715 vn="Win32/Adware.Pirrit.N Anwendung" ac=I fn="C:\Users\Lisa Z\AppData\Local\pythoncredsspRec\nativeclbcatqDrv.exe"
sh=B68145D2F6F55DF129ADDDC40F0FAFD7CB0327D5 ft=1 fh=835b711f313af3f1 vn="Win32/Adware.Pirrit.O Anwendung" ac=I fn="C:\Users\Lisa Z\AppData\Local\pythoncredsspRec\pythoncredsspRec.exe"
sh=09E15C9675BE9BCA07B4DEC76EC3E1A407EF1663 ft=1 fh=62ef96bb58c196bb vn="Win32/NetToolDetect.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa Z\AppData\Local\pythoncredsspRec\SrDt.exe"
sh=B9A330F4B4FD0D514DE4B71D3C41E84538077EE2 ft=1 fh=42859e561c6df2ae vn="Variante von Win32/SoftPulse.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa Z\Downloads\iphone5s\Setup.exe"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=D340CAA75A89144CAC324B76524AE79200E1832B ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\content.js"
sh=2A5E0B51ED44F9E97F3741ACB644937B05756D47 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\k9q0a.js"
sh=EDCFD0EE01D3C2DF5A7B26C8EEABE46E29272E0F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mapgpicndjddbioebadbkpmjgmlofcbm\5.2\lsdb.js"
sh=03274A367805B2FF6C992AE56168B1CF1885E77E ft=1 fh=81b8e1847b3bf8a4 vn="Win32/Adware.Pirrit.I Anwendung" ac=I fn="C:\Windows\System32\BackupFreewareMethod\BackupFreewareMethod.exe"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\Windows\System32\CompilerInteractiveMBR\CompilerInteractiveMBR.exe"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\Windows\System32\runtimewizard64\runtimewizard64.exe"
sh=03274A367805B2FF6C992AE56168B1CF1885E77E ft=1 fh=81b8e1847b3bf8a4 vn="Win32/Adware.Pirrit.I Anwendung" ac=I fn="C:\Windows\SysWOW64\BackupFreewareMethod\BackupFreewareMethod.exe"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\Windows\SysWOW64\CompilerInteractiveMBR\CompilerInteractiveMBR.exe"
sh=C4BB77B2DC9A6B33E8AEBFE9C7E2C6E84829EBA5 ft=1 fh=69ae750a9101650e vn="Win32/Adware.Pirrit.M Anwendung" ac=I fn="C:\Windows\SysWOW64\runtimewizard64\runtimewizard64.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Adware.Pirrit.N Anwendung" ac=I fn="${Memory}"
SecurityCheck (did not run): Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Additional: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Lisa Z at 2014-12-05 16:09:08
Running from C:\Users\Lisa Z\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MX510 series Benutzerregistrierung (HKLM-x32\...\Canon MX510 series Benutzerregistrierung) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM-x32\...\Canon MX510 series On-screen Manual) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.37.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.216 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.31 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27028 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SPAMfighter (x32 Version: 7.6.90 - Spamfighter ApS) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4017655819-3545125221-1403351269-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
16-11-2014 17:40:53 Windows Modules Installer
26-11-2014 08:47:40 Windows Update
02-12-2014 13:45:56 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0307A090-2E31-43DA-9504-472A3A76E984} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {07F2FAC1-1DE9-4FA0-8840-5234A50BD385} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23D0C9D9-2DCD-43ED-B580-AC44535A743A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {43669FA7-7C0C-47B4-8079-B7B4AC640022} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {5E394066-8579-42E3-A14A-C8CC3B185A98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-02] (Adobe Systems Incorporated)
Task: {61F4F8C2-11AD-4FFB-BEF3-77614E838761} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {B301BF30-4C4A-4BA0-BE30-8F06AE9228E0} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {C4A952C7-B0F2-4982-9534-172E98C6BD3E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CE94CBA4-1793-4B8D-B770-DC1EE8AB5E91} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {DC781D12-CB6C-497B-9B54-DD054679F06E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-16 08:48 - 2011-09-06 12:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-12-02 15:19 - 2014-11-26 15:46 - 00208384 _____ () C:\Users\Lisa Z\AppData\Local\pythoncredsspRec\pythoncredsspRec.exe
2014-12-02 15:19 - 2014-11-26 15:46 - 00427008 _____ () C:\Users\Lisa Z\AppData\Local\pythoncredsspRec\nativeclbcatqDrv.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2014-11-30 19:59 - 2014-11-26 15:47 - 00068096 _____ () C:\WINDOWS\SysWOW64\CompilerInteractiveMBR\CompilerInteractiveMBR.exe
2014-12-02 15:19 - 2014-11-26 15:47 - 00068096 _____ () C:\WINDOWS\SysWOW64\runtimewizard64\runtimewizard64.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-27 02:46 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Lisa Z\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "eDealPop"
HKLM\...\StartupApproved\Run32: => "CommonToolkitTray"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "RadioController"
HKLM\...\StartupApproved\Run32: => "sfagent"
HKU\S-1-5-21-4017655819-3545125221-1403351269-1002\...\StartupApproved\Run: => "Yahoo! Search"
========================= Accounts: ==========================
Administrator (S-1-5-21-4017655819-3545125221-1403351269-500 - Administrator - Disabled)
Gast (S-1-5-21-4017655819-3545125221-1403351269-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4017655819-3545125221-1403351269-1006 - Limited - Enabled)
Lisa Z (S-1-5-21-4017655819-3545125221-1403351269-1002 - Administrator - Enabled) => C:\Users\Lisa Z
UpdatusUser (S-1-5-21-4017655819-3545125221-1403351269-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (12/05/2014 03:56:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Error: (12/05/2014 01:50:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188
Error: (12/05/2014 01:50:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188
Error: (12/05/2014 01:50:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/05/2014 00:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 68359
Error: (12/05/2014 00:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 68359
Error: (12/05/2014 00:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/05/2014 00:27:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1297
Error: (12/05/2014 00:27:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1297
Error: (12/05/2014 00:27:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (12/05/2014 04:05:36 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/05/2014 04:05:06 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/05/2014 04:00:17 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/05/2014 03:59:47 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/05/2014 03:59:10 PM) (Source: DCOM) (EventID: 10010) (User: ID-820110203)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (12/05/2014 03:58:40 PM) (Source: DCOM) (EventID: 10010) (User: ID-820110203)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (12/05/2014 03:58:10 PM) (Source: DCOM) (EventID: 10010) (User: ID-820110203)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (12/05/2014 03:57:41 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/05/2014 03:57:40 PM) (Source: DCOM) (EventID: 10010) (User: ID-820110203)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (12/05/2014 03:57:11 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Microsoft Office Sessions:
=========================
Error: (12/05/2014 03:56:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (12/05/2014 01:50:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188
Error: (12/05/2014 01:50:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1188
Error: (12/05/2014 01:50:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/05/2014 00:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 68359
Error: (12/05/2014 00:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 68359
Error: (12/05/2014 00:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/05/2014 00:27:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1297
Error: (12/05/2014 00:27:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1297
Error: (12/05/2014 00:27:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-12-04 13:01:50.203
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:49.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:48.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:47.154
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:46.363
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:45.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:44.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:43.629
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:42.764
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-12-04 13:01:42.052
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 44%
Total physical RAM: 3891.6 MB
Available physical RAM: 2177.39 MB
Total Pagefile: 4595.6 MB
Available Pagefile: 2809.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:448.93 GB) (Free:351.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 57D4654D)
Partition: GPT Partition Type.
==================== End Of Log ============================