Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7: compatibilitycheck.exe, plötzliche Töne, aufpoppende Fenster (https://www.trojaner-board.de/163379-windows-7-compatibilitycheck-exe-ploetzliche-toene-aufpoppende-fenster.html)

cosinus 31.01.2015 19:30
Ok, weiter mit MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

AKK87 31.01.2015 20:03
Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.31.04
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Katharina :: KATHARINA-PC [administrator]

31.01.2015 19:33:51
mbar-log-2015-01-31 (19-33-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 447258
Time elapsed: 25 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 31.01.2015 20:53
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


AKK87 31.01.2015 21:43
Hier der Log vom Adwcleaner:

Code:
# AdwCleaner v4.109 - Bericht erstellt am 31/01/2015 um 21:04:18
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Katharina - KATHARINA-PC
# Gestartet von : C:\Users\Katharina\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64
[#] Dienst Gelöscht : rqpbhevlkc64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Program Files\004
Ordner Gelöscht : C:\Program Files\coupon downloader
Ordner Gelöscht : C:\Program Files\CouponDownloader
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Katharina\AppData\Roaming\Compatibility Verifier
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tubltyl2.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\invalidprefs.js
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tubltyl2.default\searchplugins\SafeFinder Search.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tubltyl2.default\user.js
Datei Gelöscht : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FA6289D6-676C-4497-88CC-9E2E15488944}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\CouponDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?publisher=IrsSF&dpid=IrsSF&co=DE&userid=5996b633-b646-463b-8213-b1de35c8c45c&searchtype=nt&installDate={installDate}&barcodeid={barcodeID}&u[...]
[tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=IrsSF&dpid=IrsSF&co=DE&userid=5996b633-b646-463b-8213-b1de35c8c45c&searchtype=hp&installDate={installDate}&barcodeid={barcod[...]
[tubltyl2.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=IrsSF&dpid=IrsSF&co=DE&userid=5996b633-b646-463b-8213-b1de35c8c45c&searchtype=ds&installDate={installDate}&barcodeid={barcodeID}&um={UM}&[...]
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"149d724d0fa8b-005226cfc521298-40524136-0-149d724d0fb2c4\"");
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1423226809");
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"f869a5dcfdc069dc8516f917fe02656c557cdcd7\"");
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5660996097");
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"0a689d49b6d379d817513f2bb8bd8f8b1c47a8af\"");
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.install", "1416653754626");
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true");
[j0bwoh1k.default\prefs.js] - Zeile gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Katharina\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j0bwoh1k.default\\\\extensions\\\\abs[...]

*************************

AdwCleaner[R0].txt - [10003 octets] - [31/01/2015 21:02:40]
AdwCleaner[S0].txt - [8725 octets] - [31/01/2015 21:04:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8785 octets] ##########
Log vom JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Katharina on 31.01.2015 at 21:22:56,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"safesearch@avira.com\":{\"version\":\"1.1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Katharina\\\\AppData\\\\Roa
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"149d724d0fa8b-005226cfc521298-40524136-0-149d724d0fb2c4\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1423340235");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"fd9f4304efcfd5048d833a8c1473e829aed6e8d4\"");
user_pref("extensions.safesearch.SAUTH_userid", "5819772343");
user_pref("extensions.safesearch.SAUTH_utoken", "\"b0017228c7dcab3deab4ca93e5a05faf072e3806\"");
user_pref("extensions.safesearch.install", "1422735437212");
user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\Katharina\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j0bwoh1k.def
Emptied folder: C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\j0bwoh1k.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.01.2015 at 21:26:47,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hier die FRST:
Die Addition ist nicht mehr von vornherein mit einem Häckchen versehen und ich bekomme davon auch keinen Log. Soll ich die Addition extra anklicken?


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Katharina (administrator) on KATHARINA-PC on 31-01-2015 21:38:30
Running from C:\Users\Katharina\Desktop
Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-22] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-04-23] (CyberLink Corp.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE404DE404
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\abs@avira.com [2015-01-23]
FF Extension: Lightbeam - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-01-26]
FF Extension: Adblock Edge - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-30]
FF HKLM-x32\...\Firefox\Extensions: [fe_4.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0
FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012-01-04]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-27]
FF HKLM-x32\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012-01-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [821792 2010-06-11] (Acer Incorporated)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Verifies and fixes application compatibility issues; C:\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 21:38 - 2015-01-31 21:38 - 02130944 _____ (Farbar) C:\Users\Katharina\Desktop\FRST64.exe
2015-01-31 21:26 - 2015-01-31 21:26 - 00002273 _____ () C:\Users\Katharina\Desktop\JRT.txt
2015-01-31 21:22 - 2015-01-31 21:22 - 00000000 ____D () C:\Windows\ERUNT
2015-01-31 21:19 - 2015-01-31 21:19 - 01707939 _____ (Thisisu) C:\Users\Katharina\Desktop\JRT.exe
2015-01-31 21:14 - 2015-01-31 21:14 - 00003416 ____N () C:\bootsqm.dat
2015-01-31 21:02 - 2015-01-31 21:04 - 00000000 ____D () C:\AdwCleaner
2015-01-31 21:01 - 2015-01-31 21:01 - 02194432 _____ () C:\Users\Katharina\Desktop\AdwCleaner_4.109.exe
2015-01-31 19:33 - 2015-01-31 20:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-31 19:33 - 2015-01-31 19:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 19:33 - 2015-01-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 19:32 - 2015-01-31 20:01 - 00000000 ____D () C:\Users\Katharina\Desktop\mbar
2015-01-31 19:32 - 2015-01-31 19:32 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 19:31 - 2015-01-31 19:32 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Katharina\Desktop\mbar-1.08.3.1004.exe
2015-01-31 19:16 - 2015-01-31 19:16 - 00030703 _____ () C:\ComboFix.txt
2015-01-31 19:03 - 2015-01-31 19:16 - 00000000 ____D () C:\Qoobox
2015-01-31 19:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-31 19:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-31 19:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-31 19:02 - 2015-01-31 19:15 - 00000000 ____D () C:\Windows\erdnt
2015-01-31 19:01 - 2015-01-31 19:01 - 05611408 ____R (Swearware) C:\Users\Katharina\Desktop\ComboFix.exe
2015-01-31 17:15 - 2015-01-31 17:15 - 00050220 _____ () C:\Users\Katharina\Desktop\Addition.txt
2015-01-31 17:07 - 2015-01-31 21:38 - 00022457 _____ () C:\Users\Katharina\Desktop\FRST.txt
2015-01-30 19:03 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-30 19:03 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-30 15:32 - 2015-01-31 21:38 - 00000000 ____D () C:\FRST
2015-01-30 13:54 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-30 13:54 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-29 23:53 - 2015-01-30 13:43 - 00008192 _____ () C:\Windows\system32\persistent_q.db
2015-01-29 23:53 - 2015-01-30 13:42 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-01-29 23:53 - 2015-01-30 13:42 - 00023088 _____ () C:\Windows\system32\persistent_q.db-wal
2015-01-29 23:52 - 2015-01-29 23:52 - 00000000 ____D () C:\Windows\SysWOW64\%Report%
2015-01-28 15:30 - 2015-01-28 15:57 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-28 14:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-28 14:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-28 14:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-28 14:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-28 14:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-28 14:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-28 14:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-28 14:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-28 14:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-28 14:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-28 14:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-28 14:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-28 14:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-28 14:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-28 14:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-28 14:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-28 14:20 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-28 14:20 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-28 14:20 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-28 14:20 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-28 09:12 - 2015-01-28 09:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 13:45 - 2015-01-27 13:45 - 00002330 _____ () C:\Users\Katharina\Desktop\Sicherer Zahlungsverkehr.lnk
2015-01-27 13:43 - 2015-01-27 13:43 - 00003402 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-27 11:23 - 2015-01-27 11:23 - 00002330 _____ () C:\Users\Admin\Desktop\Sicherer Zahlungsverkehr.lnk
2015-01-27 11:22 - 2015-01-27 11:22 - 00002144 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-27 11:22 - 2015-01-27 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-27 11:22 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-27 11:20 - 2015-01-31 21:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-27 11:20 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-27 11:03 - 2015-01-27 11:05 - 204166464 _____ () C:\Users\Katharina\Downloads\kis15.0.1.415de_6844.exe
2015-01-23 22:38 - 2015-01-27 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-23 22:38 - 2015-01-23 22:38 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-23 22:37 - 2015-01-27 11:13 - 00000000 ____D () C:\ProgramData\Avira
2015-01-23 22:36 - 2015-01-23 22:36 - 04514312 _____ (Avira Operations & Co. KG) C:\Users\Katharina\Downloads\avira_de_av_5802373949__ws.exe
2015-01-19 19:58 - 2015-01-19 19:58 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-19 19:57 - 2015-01-28 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 19:57 - 2015-01-19 19:58 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 19:55 - 2015-01-19 19:56 - 39724152 _____ () C:\Users\Katharina\Downloads\Firefox_Setup_35.0.exe
2015-01-19 19:47 - 2015-01-28 14:12 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieSiteList
2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieUserList
2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieBrowserModeList
2015-01-19 15:15 - 2015-01-19 15:15 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-15 18:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 18:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 18:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 18:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 18:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 18:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 18:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 18:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 18:30 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 18:30 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 18:30 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 14:54 - 2015-01-27 01:08 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-15 14:52 - 2015-01-27 10:57 - 00000000 ____D () C:\Users\Katharina\AppData\Roaming\Panda Security
2015-01-15 14:51 - 2015-01-27 10:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-15 14:50 - 2015-01-27 10:58 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-13 23:14 - 2015-01-29 15:51 - 00000112 _____ () C:\ProgramData\vNJJbE.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 21:31 - 2010-09-15 16:10 - 02042163 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 21:15 - 2010-11-01 17:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 21:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 21:14 - 2010-09-15 16:07 - 00401332 _____ () C:\Windows\PFRO.log
2015-01-31 21:14 - 2009-07-14 05:51 - 00260133 _____ () C:\Windows\setupact.log
2015-01-31 21:02 - 2010-11-01 17:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 19:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-31 19:14 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-31 17:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-31 16:55 - 2011-01-13 17:59 - 00001421 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 16:00 - 2010-11-03 20:08 - 00000000 ____D () C:\Users\Admin
2015-01-30 08:34 - 2014-07-02 09:54 - 00000000 ____D () C:\Users\Gast
2015-01-30 08:34 - 2010-11-01 14:30 - 00000000 ____D () C:\Users\Katharina
2015-01-30 08:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-29 11:55 - 2010-09-16 02:02 - 01398844 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 11:55 - 2010-09-16 02:02 - 00374018 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 11:55 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 15:26 - 2011-08-24 10:12 - 00000000 ____D () C:\Users\Katharina\Documents\Steuern
2015-01-28 15:11 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 15:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-28 14:12 - 2010-11-01 17:50 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-27 17:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-27 17:53 - 2010-11-13 16:09 - 00000000 ____D () C:\Users\Katharina\AppData\Local\CutePDF Writer
2015-01-27 11:27 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-27 11:27 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-27 11:27 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-27 11:23 - 2011-01-13 17:59 - 00148104 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 11:13 - 2012-11-03 14:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-27 11:00 - 2010-11-01 14:30 - 00148104 _____ () C:\Users\Katharina\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 11:00 - 2009-07-14 05:45 - 00518584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 10:31 - 2012-03-29 21:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 10:31 - 2012-03-14 19:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 20:53 - 2014-08-23 22:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-23 22:37 - 2014-08-07 08:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-15 19:06 - 2013-07-13 12:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2012-06-30 21:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 17:09 - 2014-11-26 11:06 - 00000000 ____D () C:\Temp
2015-01-07 21:02 - 2014-11-13 17:28 - 00000000 ____D () C:\Users\Katharina\Desktop\ideen-sammlung
2015-01-06 04:36 - 2010-11-01 17:52 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-11-19 21:57 - 2014-11-19 21:57 - 6000640 _____ () C:\Program Files (x86)\GUTA17D.tmp
2011-07-10 17:07 - 2014-07-03 19:18 - 0014848 _____ () C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-05 18:58 - 2014-07-05 18:58 - 0000218 _____ () C:\Users\Katharina\AppData\Local\recently-used.xbel
2010-09-15 16:31 - 2010-09-15 16:34 - 0016104 _____ () C:\ProgramData\ArcadeDeluxe4.log
2011-01-17 19:30 - 2011-01-17 19:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-07-02 12:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2014-06-14 21:50 - 2014-06-14 21:50 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2015-01-13 23:14 - 2015-01-29 15:51 - 0000112 _____ () C:\ProgramData\vNJJbE.dat

Files to move or delete:
====================
C:\ProgramData\vNJJbE.dat


Some content of TEMP:
====================
C:\Users\Katharina\AppData\Local\Temp\Quarantine.exe
C:\Users\Katharina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 01:16

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 31.01.2015 21:52
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

AKK87 31.01.2015 22:05
Ok, dann hier die ganz aktuelle FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Katharina (administrator) on KATHARINA-PC on 31-01-2015 22:02:16
Running from C:\Users\Katharina\Desktop
Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775072 2010-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-04-22] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [320000 2009-04-09] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-05-25] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-04-23] (CyberLink Corp.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-915058341-270865521-300301036-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE404DE404
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-915058341-270865521-300301036-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Avira Browser Safety - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\abs@avira.com [2015-01-23]
FF Extension: Lightbeam - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-01-26]
FF Extension: Adblock Edge - C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\j0bwoh1k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-30]
FF HKLM-x32\...\Firefox\Extensions: [fe_4.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0
FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012-01-04]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-27]
FF HKLM-x32\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: No Name - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012-01-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [821792 2010-06-11] (Acer Incorporated)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Verifies and fixes application compatibility issues; C:\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 21:38 - 2015-01-31 21:38 - 02130944 _____ (Farbar) C:\Users\Katharina\Desktop\FRST64.exe
2015-01-31 21:26 - 2015-01-31 21:26 - 00002273 _____ () C:\Users\Katharina\Desktop\JRT.txt
2015-01-31 21:22 - 2015-01-31 21:22 - 00000000 ____D () C:\Windows\ERUNT
2015-01-31 21:19 - 2015-01-31 21:19 - 01707939 _____ (Thisisu) C:\Users\Katharina\Desktop\JRT.exe
2015-01-31 21:14 - 2015-01-31 21:14 - 00003416 ____N () C:\bootsqm.dat
2015-01-31 21:02 - 2015-01-31 21:04 - 00000000 ____D () C:\AdwCleaner
2015-01-31 21:01 - 2015-01-31 21:01 - 02194432 _____ () C:\Users\Katharina\Desktop\AdwCleaner_4.109.exe
2015-01-31 19:33 - 2015-01-31 20:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-31 19:33 - 2015-01-31 19:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 19:33 - 2015-01-31 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 19:32 - 2015-01-31 20:01 - 00000000 ____D () C:\Users\Katharina\Desktop\mbar
2015-01-31 19:32 - 2015-01-31 19:32 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 19:31 - 2015-01-31 19:32 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Katharina\Desktop\mbar-1.08.3.1004.exe
2015-01-31 19:16 - 2015-01-31 19:16 - 00030703 _____ () C:\ComboFix.txt
2015-01-31 19:03 - 2015-01-31 19:16 - 00000000 ____D () C:\Qoobox
2015-01-31 19:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-31 19:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-31 19:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-31 19:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-31 19:02 - 2015-01-31 19:15 - 00000000 ____D () C:\Windows\erdnt
2015-01-31 19:01 - 2015-01-31 19:01 - 05611408 ____R (Swearware) C:\Users\Katharina\Desktop\ComboFix.exe
2015-01-31 17:15 - 2015-01-31 17:15 - 00050220 _____ () C:\Users\Katharina\Desktop\Addition.txt
2015-01-31 17:07 - 2015-01-31 22:02 - 00022400 _____ () C:\Users\Katharina\Desktop\FRST.txt
2015-01-30 19:03 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-30 19:03 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-30 15:32 - 2015-01-31 22:02 - 00000000 ____D () C:\FRST
2015-01-30 13:54 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-30 13:54 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-29 23:53 - 2015-01-30 13:43 - 00008192 _____ () C:\Windows\system32\persistent_q.db
2015-01-29 23:53 - 2015-01-30 13:42 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-01-29 23:53 - 2015-01-30 13:42 - 00023088 _____ () C:\Windows\system32\persistent_q.db-wal
2015-01-29 23:52 - 2015-01-29 23:52 - 00000000 ____D () C:\Windows\SysWOW64\%Report%
2015-01-28 15:30 - 2015-01-28 15:57 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-28 14:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-28 14:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-28 14:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-28 14:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-28 14:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-28 14:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-28 14:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-28 14:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-28 14:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-28 14:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-28 14:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-28 14:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-28 14:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-28 14:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-28 14:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-28 14:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-28 14:20 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-28 14:20 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-28 14:20 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-28 14:20 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-28 09:12 - 2015-01-28 09:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 13:45 - 2015-01-27 13:45 - 00002330 _____ () C:\Users\Katharina\Desktop\Sicherer Zahlungsverkehr.lnk
2015-01-27 13:43 - 2015-01-27 13:43 - 00003402 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-27 11:23 - 2015-01-27 11:23 - 00002330 _____ () C:\Users\Admin\Desktop\Sicherer Zahlungsverkehr.lnk
2015-01-27 11:22 - 2015-01-27 11:22 - 00002144 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-27 11:22 - 2015-01-27 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-27 11:22 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-27 11:20 - 2015-01-31 21:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-27 11:20 - 2015-01-27 11:20 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-27 11:20 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-27 11:03 - 2015-01-27 11:05 - 204166464 _____ () C:\Users\Katharina\Downloads\kis15.0.1.415de_6844.exe
2015-01-23 22:38 - 2015-01-27 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-23 22:38 - 2015-01-23 22:38 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-23 22:37 - 2015-01-27 11:13 - 00000000 ____D () C:\ProgramData\Avira
2015-01-23 22:36 - 2015-01-23 22:36 - 04514312 _____ (Avira Operations & Co. KG) C:\Users\Katharina\Downloads\avira_de_av_5802373949__ws.exe
2015-01-19 19:58 - 2015-01-19 19:58 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-19 19:57 - 2015-01-28 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-19 19:57 - 2015-01-19 19:58 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-19 19:55 - 2015-01-19 19:56 - 39724152 _____ () C:\Users\Katharina\Downloads\Firefox_Setup_35.0.exe
2015-01-19 19:47 - 2015-01-28 14:12 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieSiteList
2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieUserList
2015-01-19 19:47 - 2015-01-19 19:47 - 00000000 __SHD () C:\Users\Katharina\AppData\Local\EmieBrowserModeList
2015-01-19 15:15 - 2015-01-19 15:15 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-15 18:43 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 18:43 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 18:43 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 18:43 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 18:43 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 18:43 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 18:43 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 18:43 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 18:30 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 18:30 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 18:30 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 18:29 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 14:54 - 2015-01-27 01:08 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-01-15 14:52 - 2015-01-27 10:57 - 00000000 ____D () C:\Users\Katharina\AppData\Roaming\Panda Security
2015-01-15 14:51 - 2015-01-27 10:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-15 14:50 - 2015-01-27 10:58 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-13 23:35 - 2015-01-13 23:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-13 23:32 - 2015-01-24 07:40 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-13 23:14 - 2015-01-29 15:51 - 00000112 _____ () C:\ProgramData\vNJJbE.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 22:02 - 2010-11-01 17:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 21:31 - 2010-09-15 16:10 - 02042163 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 21:23 - 2009-07-14 05:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 21:15 - 2010-11-01 17:33 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 21:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 21:14 - 2010-09-15 16:07 - 00401332 _____ () C:\Windows\PFRO.log
2015-01-31 21:14 - 2009-07-14 05:51 - 00260133 _____ () C:\Windows\setupact.log
2015-01-31 19:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-31 19:14 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-31 17:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-31 16:55 - 2011-01-13 17:59 - 00001421 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-30 16:00 - 2010-11-03 20:08 - 00000000 ____D () C:\Users\Admin
2015-01-30 08:34 - 2014-07-02 09:54 - 00000000 ____D () C:\Users\Gast
2015-01-30 08:34 - 2010-11-01 14:30 - 00000000 ____D () C:\Users\Katharina
2015-01-30 08:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-29 11:55 - 2010-09-16 02:02 - 01398844 _____ () C:\Windows\system32\perfh007.dat
2015-01-29 11:55 - 2010-09-16 02:02 - 00374018 _____ () C:\Windows\system32\perfc007.dat
2015-01-29 11:55 - 2009-07-14 06:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 15:26 - 2011-08-24 10:12 - 00000000 ____D () C:\Users\Katharina\Documents\Steuern
2015-01-28 15:11 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-28 15:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-28 14:12 - 2010-11-01 17:50 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-01-27 17:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-27 17:53 - 2010-11-13 16:09 - 00000000 ____D () C:\Users\Katharina\AppData\Local\CutePDF Writer
2015-01-27 11:27 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-27 11:27 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-27 11:27 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-27 11:23 - 2011-01-13 17:59 - 00148104 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 11:13 - 2012-11-03 14:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-27 11:00 - 2010-11-01 14:30 - 00148104 _____ () C:\Users\Katharina\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 11:00 - 2009-07-14 05:45 - 00518584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 10:31 - 2012-03-29 21:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 10:31 - 2012-03-14 19:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 20:53 - 2014-08-23 22:09 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-23 22:37 - 2014-08-07 08:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-15 19:06 - 2013-07-13 12:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 18:46 - 2012-06-30 21:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 17:09 - 2014-11-26 11:06 - 00000000 ____D () C:\Temp
2015-01-07 21:02 - 2014-11-13 17:28 - 00000000 ____D () C:\Users\Katharina\Desktop\ideen-sammlung
2015-01-06 04:36 - 2010-11-01 17:52 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-11-19 21:57 - 2014-11-19 21:57 - 6000640 _____ () C:\Program Files (x86)\GUTA17D.tmp
2011-07-10 17:07 - 2014-07-03 19:18 - 0014848 _____ () C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-05 18:58 - 2014-07-05 18:58 - 0000218 _____ () C:\Users\Katharina\AppData\Local\recently-used.xbel
2010-09-15 16:31 - 2010-09-15 16:34 - 0016104 _____ () C:\ProgramData\ArcadeDeluxe4.log
2011-01-17 19:30 - 2011-01-17 19:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-07-02 12:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2014-06-14 21:50 - 2014-06-14 21:50 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
2015-01-13 23:14 - 2015-01-29 15:51 - 0000112 _____ () C:\ProgramData\vNJJbE.dat

Files to move or delete:
====================
C:\ProgramData\vNJJbE.dat


Some content of TEMP:
====================
C:\Users\Katharina\AppData\Local\Temp\Quarantine.exe
C:\Users\Katharina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 01:16

==================== End Of Log ============================
--- --- ---


und die Addition:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-01-2015 01
Ran by Katharina at 2015-01-31 22:02:53
Running from C:\Users\Katharina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.0.7615 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.0.7615 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.6423 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.3.5 - Liteon)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.02.3004 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0222.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}) (Version: 1.2.17.05001 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.17.05001 - Alcor Micro Corp.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{F5816A09-786E-C91D-3D99-8A8C92648750}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden
Camera Support Core Library (x32 Version: 7.1.0.11 - Canon) Hidden
Camera Window DS (x32 Version: 5.0 - Canon) Hidden
Camera Window DVC (x32 Version: 5.0 - Canon) Hidden
Camera Window MC (x32 Version: 5.0 - Canon) Hidden
Canon Camera Support Core Library (HKLM-x32\...\InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}) (Version: 7.1.0.11 - Canon)
Canon Camera Window DS for ZoomBrowser EX (HKLM-x32\...\InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}) (Version: 5.0 - Canon)
Canon Camera Window DVC for ZoomBrowser EX (HKLM-x32\...\InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}) (Version: 5.0 - Canon)
Canon Camera Window for ZoomBrowser EX (HKLM-x32\...\InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}) (Version: 5.0 - Canon)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}) (Version: 1.2.0.21 - Canon)
Canon PhotoRecord (HKLM-x32\...\{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}) (Version: 02.01.00069 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}) (Version: 1.2 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}) (Version: 1.1 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.00.0000 - Canon)
ccc-core-static (x32 Version: 2010.0421.657.10561 - Ihr Firmenname) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Freecom GREEN BUTTON 1.68 (HKLM-x32\...\Freecom GREEN BUTTON_is1) (Version:  - Freecom)
Freecom Product Update 1.06 (HKLM-x32\...\Freecom Product Update_is1) (Version:  - Freecom)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Internet Library (x32 Version: 1.3.3 - Canon Inc.) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MovieEdit Task (x32 Version: 1.2.0.21 - Canon) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.2.100.0 - Nokia)
Nokia Suite (x32 Version: 3.2.100.0 - Nokia) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
Optical Drive Power Management (HKLM-x32\...\{AE09C972-EEB2-4DA5-8090-0FCF54576854}) (Version: 1.01.3007 - Acer Incorporated)
PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
PC Connectivity Solution (HKLM-x32\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
PhotoStitch (x32 Version: 3.1.14 - Canon) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
RAW Image Task 1.2 (x32 Version: 1.2 - Canon) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6096 - Realtek Semiconductor Corp.)
RemoteCapture Task 1.1 (x32 Version: 1.1 - Canon) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-915058341-270865521-300301036-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Katharina\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

19-01-2015 15:05:25 Windows Update
22-01-2015 22:20:50 Windows Update
28-01-2015 08:40:52 Windows Update
28-01-2015 14:07:02 OpenOffice.org 3.2 wird entfernt
28-01-2015 14:18:45 Windows Update
28-01-2015 15:52:31 Removed Apple Application Support
28-01-2015 15:55:30 Removed QuickTime 7
29-01-2015 15:56:39 Windows Update
29-01-2015 22:38:22 Windows Update
30-01-2015 19:19:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-31 19:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02012F14-E83A-49B6-B5FD-3941383119CB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1EF8307B-611E-42FB-B7A1-D9DCAD70A4E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {25F7AE35-7C51-43FB-9D02-4C3664B6FF2A} - System32\Tasks\{0F4D9BCA-E99A-4C21-A2D4-B6EDCE2CA8D2} => C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe [2009-08-21] (Pinnacle Systems)
Task: {3077D501-8B37-4D72-8527-DE3C70D64A9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {595EB79A-7DF6-4119-A16E-739A7943178F} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {7F84C298-4234-4292-8A57-B868525E4438} - System32\Tasks\{93150DFB-96BB-41D2-B762-9401216848A7} => C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe [2009-08-21] (Pinnacle Systems)
Task: {9AADA551-4AA3-4D74-9941-A413395DA1B2} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14] (Scansoft, Inc.)
Task: {BC71D0A6-390B-4BE4-8FD1-AE7C4FBDDCB4} - System32\Tasks\{DA61F103-4DCD-44EA-AF42-4BEBCC79CA28} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {E38705BA-0431-4C7F-A706-8530FF747056} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-13 16:08 - 2009-11-05 07:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-09-15 16:32 - 2010-02-03 09:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2010-03-26 10:46 - 2010-03-26 10:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-03-26 09:41 - 2010-03-26 09:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-15 16:10 - 2010-09-15 16:10 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-05-25 01:16 - 2010-05-25 01:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-05-25 01:09 - 2010-05-25 01:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-07-02 13:00 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-12-19 12:33 - 2014-12-19 12:33 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-07-02 12:24 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2015-01-28 09:12 - 2015-01-28 09:12 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-30 17:12 - 2015-01-27 11:27 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2015-01-27 11:27 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-30 17:12 - 2015-01-27 11:27 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\Katharina\Desktop\PA124315.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-915058341-270865521-300301036-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-915058341-270865521-300301036-500 - Administrator - Disabled)
Gast (S-1-5-21-915058341-270865521-300301036-501 - Limited - Disabled) => C:\Users\Gast
Katharina (S-1-5-21-915058341-270865521-300301036-1000 - Administrator - Enabled) => C:\Users\Katharina

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-31 19:13:20.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-31 19:13:20.600
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-20 19:58:34.448
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 19:58:34.246
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 19:57:22.762
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 19:57:22.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 19:57:08.896
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 19:57:08.675
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 19:56:00.521
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-20 19:56:00.329
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3766.69 MB
Available physical RAM: 2108.85 MB
Total Pagefile: 7531.56 MB
Available Pagefile: 5345.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:359.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9B473814)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

cosinus 31.01.2015 22:24
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\ProgramData\vNJJbE.dat
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


AKK87 31.01.2015 22:38
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-01-2015 01
Ran by Katharina at 2015-01-31 22:27:51 Run:1
Running from C:\Users\Katharina\Desktop
Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\ProgramData\vNJJbE.dat
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
EmptyTemp:
Hosts:
*****************

"HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\ProgramData\vNJJbE.dat => Moved successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":1A60DE96" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
C:\ProgramData\Temp => ":93EB7685" ADS removed successfully.
C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully.
C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
C:\ProgramData\Temp => ":E3C56885" ADS removed successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 521 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:28:47 ====
Anschließend wollte das Programm, dass der Laptop neu gestartet wird, das hab ich gemacht.

cosinus 31.01.2015 22:45
Virenscanner bitte deaktivieren, dann den Fix wiederholen

AKK87 31.01.2015 22:53
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-01-2015 01
Ran by Katharina at 2015-01-31 22:47:51 Run:2
Running from C:\Users\Katharina\Desktop
Loaded Profiles: Katharina (Available profiles: Katharina & Admin & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\ProgramData\vNJJbE.dat
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
EmptyTemp:
Hosts:
*****************

HKU\S-1-5-21-915058341-270865521-300301036-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"C:\ProgramData\vNJJbE.dat" => File/Directory not found.
"C:\ProgramData\Temp" => ":0B9176C0" ADS not found.
"C:\ProgramData\Temp" => ":1A60DE96" ADS not found.
"C:\ProgramData\Temp" => ":4D066AD2" ADS not found.
"C:\ProgramData\Temp" => ":5D7E5A8F" ADS not found.
"C:\ProgramData\Temp" => ":798A3728" ADS not found.
"C:\ProgramData\Temp" => ":93EB7685" ADS not found.
"C:\ProgramData\Temp" => ":CDFF58FE" ADS not found.
"C:\ProgramData\Temp" => ":E1F04E8D" ADS not found.
"C:\ProgramData\Temp" => ":E36F5B57" ADS not found.
"C:\ProgramData\Temp" => ":E3C56885" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 15.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:47:55 ====

cosinus 01.02.2015 01:12
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


AKK87 02.02.2015 13:31
Hier das Log von Mbam:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 02.02.2015
Suchlauf-Zeit: 10:55:11
Logdatei: mbamlog.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.02.01
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Katharina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 447354
Verstrichene Zeit: 24 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 11
PUP.Optional.Snapdo.T, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [8a1fde3b385261d585735add48bb9070],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [efba1108246690a648b839fb946f966a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [efba1108246690a648b839fb946f966a],
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [555410095733072f97f9c4c045be39c7],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, In Quarantäne, [faaf4ccdb3d792a4730b23909a6922de],
PUP.Optional.SmartBar, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [1c8d21f84644f64034495c9bd92b5ba5],
PUP.Optional.SmartBar, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [9f0a1306aae00b2b89f325d26f9546ba],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [179260b9fc8e7cbaaca942876c9755ab],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [832626f3c6c4d3632544409f57adcc34],
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [5950c059ee9cb680401f8912ff04ca36],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [2287ff1a9eecd95d543452525da68779],

Registrierungswerte: 4
PUP.Optional.InstallCore.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Q1O1R1R0D1G1J1S, In Quarantäne, [832626f3c6c4d3632544409f57adcc34]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [634623f690faef472f42ccd6ad56c739]
PUP.Optional.SmartBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\Admin\AppData\Local\Smartbar\Application\SafeFinder.exe startup, In Quarantäne, [d1d8ad6cf59533037ca3d80624e053ad]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|Publisher, IrsSF, In Quarantäne, [5950c059ee9cb680401f8912ff04ca36]

Registrierungsdaten: 6
PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[862328f115753ff7c6822e775baac13f]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZ6UDM1tEe65GVSWnrzlvhaJSCOjqJt6nkpL6V45FzKa_8u2SPrnwhxIJGdYH46uNUKgEQwC5EOrWDt3ZRYPfA,,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZ6UDM1tEe65GVSWnrzlvhaJSCOjqJt6nkpL6V45FzKa_8u2SPrnwhxIJGdYH46uNUKgEQwC5EOrWDt3ZRYPfA,,),Ersetzt,[a10847d2b1d96fc7c4859b0a45c021df]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[faaf48d1b2d89c9aae99238251b416ea]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[41689c7d454586b0fe4cdfc6b451c937]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[535623f6e8a2da5c65e6f2b3d72e5da3]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-915058341-270865521-300301036-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HtrWRk1vg3vvklUeJzw5u3iCrzXP3GlWfORiirFEnehNU1BPEj2v4kIbVg-3ommZZKHg57W-32wAqGrwH6UDOtS5xOjkanUWJKdovmENHrq2YcYjtXl4OsGdqf-ATv3d6o5J5OAe8FZS5-VtMOHLw,,&q={searchTerms}),Ersetzt,[3d6ced2cd7b361d577cfa401699ced13]

Ordner: 2
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],

Dateien: 12
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [dbce2cedf991280e523cdea6f90ac739],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Und von ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bb30e862f6fc854eae71deba0d969080
# engine=22260
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-02 12:17:06
# local_time=2015-02-02 01:17:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1299 16777213 100 100 9838 50451056 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 148306 174509276 0 0
# scanned=202065
# found=98
# cleaned=76
# scan_time=4316
sh=BF9DFFEFCCB98DC98AE6E19AD270FF0831B8A10C ft=1 fh=bcc35720bc203060 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=06CDBC71C6BDB9E93948C5CE2F49A08F97A0DDC6 ft=1 fh=ee606ee69e82f760 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=46E4E1539DFE69AD69D43638A000EFCA4074C359 ft=1 fh=a2d4323422aa0320 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=549F9D02F1BB82B1AE776E8824051088CAFD9369 ft=1 fh=9b9fb80f44c4acb2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.AdvancedExeLauncherPlugin.dll.vir"
sh=C742319F480AB0BD6F4A8C4B12D4AC161BB07B92 ft=1 fh=77ff0dd2c6329cc6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.CustomControl.dll.vir"
sh=297D783EA1B3B0CB34EBCC34DC78237E5CAD7AFE ft=1 fh=8b517a8c8384579c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir"
sh=110752710CFF65EE8907962F75DD2889196F30E7 ft=1 fh=79060f56cc622fd7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir"
sh=C913CAD86540FFDF52389FF54E0163E7C09885AD ft=1 fh=eae5d36e67f1a44e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.NotepadPlugin.dll.vir"
sh=044C6C40C001C097AA2B44471BA05DC09EA8A803 ft=1 fh=f23ec7f6bdf7579e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir"
sh=A27D5B20809A5107590B4943EE7CABBF394BEDB3 ft=1 fh=b56e3bb8d53defcc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.ScreenCapturePlugin.dll.vir"
sh=C30936E2A17E58D0EB4AF2597ABEE10517C9DB70 ft=1 fh=ab2dfa641eb68ce0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir"
sh=14CD07E24E23510F2395B3D1A4BEFF2573EE52EA ft=1 fh=a25d9b6f08145a4e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir"
sh=CEA566AE9EDCECDBC376341B5B0D7BF2FB3AC6D8 ft=1 fh=55130af85ebaf5dd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir"
sh=977B60DEF45F24048D040ECDCAA65BB332C6B449 ft=1 fh=164dad5fc31d40af vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir"
sh=2C8981A59216CCB644BE5FBC92DBB7F8F0188F99 ft=1 fh=6aad921543298e71 vn="Variante von Win32/AdSuproot.A Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir"
sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir"
sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir"
sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir"
sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir"
sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=37DE38598CFC7098B9BF302F914BCE1BA9EC4D97 ft=1 fh=ced1193a90f367db vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
sh=C1E7128B7615A45DA58ACD5C03A4E915F7AC986C ft=1 fh=78ef2f13776efa13 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir"
sh=114C6E3F181D885217F01A57AB6BA7AE5967D591 ft=1 fh=2c9a496a72d31deb vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\FiddlerCore.dll.vir"
sh=A5CAF7BEB27101EC3E7B41B09E056B864DF4BDFF ft=1 fh=847815f449274230 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\HtmlAgilityPack.dll.vir"
sh=37DE38598CFC7098B9BF302F914BCE1BA9EC4D97 ft=1 fh=ced1193a90f367db vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll.vir"
sh=58818140D13797517B52324639762C1B45C297B4 ft=1 fh=08ad2334842d4386 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Interop.WMPLib.dll.vir"
sh=ADF6D117CFE623A1B97CEA9CAF936A4973A35ADC ft=1 fh=cd46d83671e9cd1a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\lrcnt.dll.vir"
sh=D3E46188CF09745BC751C54AC3AAFE57116DCF8F ft=1 fh=9194259f90a1d6ee vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\lrrot.dll.vir"
sh=673FB4B5DA4C88B4440493FC5F7B42D31B0BBAC2 ft=1 fh=4e0ca983ccf491eb vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll.vir"
sh=17A024B5B64729BC61709AB159B6DF8C9A88AF70 ft=1 fh=4f77376a18715ed7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\MouseKeyboardActivityMonitor.dll.vir"
sh=CB2A499BF0F0AEC42A32EA6FB49E5C7A1387B731 ft=1 fh=c01d6e9ffa6b1b07 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\NDde.dll.vir"
sh=6EF2C2BBAA6B6A123520CE9E0FDEE8FB48996A1C ft=1 fh=b94d2e8b2480d19a vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll.vir"
sh=D107A7BF0EEE8DB497D22845EA7A7B5991939E04 ft=1 fh=24607777d1fa6626 vn="Variante von Win32/Toolbar.Linkury.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SafeFinder.exe.vir"
sh=E6FBB1312275455FB792F695EF5DDEDAF71D2AE1 ft=1 fh=30adbcb27ed99483 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sgml.dll.vir"
sh=20A4D5E2F0B7C137777E496FAB23DEE6E06E3524 ft=1 fh=7b5a72c277444801 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sgmu.dll.vir"
sh=0033FE6FE71DC396AB919B116278353819256B0C ft=1 fh=0006fd960dfeb9f3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sidb.dll.vir"
sh=0C7A42439BEEF7EB2F94E84EDE04087019542FA4 ft=1 fh=515e1ebef8bf206b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\siem.dll.vir"
sh=04D88C1CEB00E6933454F34E41B9575BC1319A6C ft=1 fh=f3e91c601b54c988 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sipb.dll.vir"
sh=5BCF4BA3ACFC0BAA9356126C8C7ED2117CCE8C22 ft=1 fh=87afd833b390c9fe vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sismlp.dll.vir"
sh=EA18A604D11EC45F2266DB24254714B79C4F35A2 ft=1 fh=cc8ee0312df4ba4f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir"
sh=FBF8E49FD9D37F3D9874E5ABC9436D2F81D55085 ft=1 fh=54095d011e83f0b8 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll.vir"
sh=A2825E519156018306A8FFD5DBF67B59B37E1136 ft=1 fh=6bf0356f5cc92e27 vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir"
sh=09EDBEECD9103ADA50B5AEA9AC67B184F44EA060 ft=1 fh=42e9b727b2791417 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll.vir"
sh=6969273B865E0307DAEF794663BFD4C271CD8AEF ft=1 fh=e3b5e6d727a7f6f4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=F4A4A6963491B03113B38821448BD88395048E6D ft=1 fh=d66d91154cc13bbf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=91F565E6DEAC96C221ABC7787BEE0C86DAD7D2F6 ft=1 fh=3d9c9a19cee0d003 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=410F4566A23F6EA44752A053105B2CC6D6FBD07F ft=1 fh=86b5d2181ab5de30 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=D96042AAA80BD4C0306EA0063156611FEEA74A85 ft=1 fh=e70a2660d5f6c0b5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll.vir"
sh=AC134A0F214DED8D601A9785D0D920BBD142007C ft=1 fh=7b1cd79802350fec vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=B2A8486BD208A238F5C3F5DBF866F1E75CBFF195 ft=1 fh=7b91c828d2f39c59 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll.vir"
sh=8E1ED695BEBF88737C583414D408A629FA65E3CB ft=1 fh=f7aa3ee04e9931b8 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=3711F1AF60B408CF6F8C451ED68F278F11C183E7 ft=1 fh=a0727a4ee55f611f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll.vir"
sh=C2116C191D3880DDB94802997C1760BAAE087514 ft=1 fh=68531ad2e8a4ad87 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll.vir"
sh=0DB5112CC767CAB353B1469DC7C739DBCCECF8D3 ft=1 fh=fe88d03dc3710b3e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll.vir"
sh=3D2D2383F305492951D3369C494F63901DD544E4 ft=1 fh=f0c18d3c2056f8a2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.Resources.Translations.dll.vir"
sh=F4E5A2012D5E79A9EBBFCFB934EB87B96BC48A45 ft=1 fh=0dc685995b975b5d vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=F4E5A2012D5E79A9EBBFCFB934EB87B96BC48A45 ft=1 fh=0dc685995b975b5d vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=E8D6AA17037015B0858541531CD3B851B4F3FF1C ft=1 fh=05b891725166971f vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir"
sh=05805644B7FE45BF1DCC457ADF4A352E359922F8 ft=1 fh=227b75759294be95 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=7BE77DF019E029BF5117DBE706D2DA7D0AD1C483 ft=1 fh=f8922ba1a168b5d7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\smti.dll.vir"
sh=B953B6A6D2D6EF491CDB2EEAF426918FA822B8D7 ft=1 fh=cd6b5ef2c9976ddd vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=E3BE6A2EE992C6D92035F88F8AEB57F7449C72A6 ft=1 fh=727aa1e8373b8b40 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=12A49A043D2BA4D7EF89D63B8F9CB01C5B1657EB ft=1 fh=13c8ba1a30c4dd7e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=A3C493E5A5394ECDD46194EF9641A89CE3D44C3B ft=1 fh=75c0a737d5be8013 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=D717905F02500A6A3DFA260047750E228C987B9F ft=1 fh=e9240de195759d2b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spsm.dll.vir"
sh=47947F446F711DD84D9D5741C5FB9EDCB6692424 ft=1 fh=8fea365fcc399b5e vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=445B1360CE8CC6E3043E8B022993D296143C8C0E ft=1 fh=13b6632dc26d469b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=76F3122675C188B421D357896F132E68267E8C46 ft=1 fh=884a81d3a6f4992f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srbhu.dll.vir"
sh=79142C37963F0A048FBFA19FC133BFF1DDEFA32F ft=1 fh=90bfb6ec9c714dc8 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=E6B2358A745818FBC006E685BE27C9BDBF367CE5 ft=1 fh=968399f392e56fd6 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=7AAF8CF271FAF87509E300F5CCF50852428DF31F ft=1 fh=cb1cff1653495c68 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sreu.dll.vir"
sh=FB93E20DE89F5207AADF3E10DC8AD72ABD0908B7 ft=1 fh=8f93196acb36a2ab vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srgu.dll.vir"
sh=669EF8022EE93776EAA358B754B2226ADDB53BFE ft=1 fh=7a334fabc2c1691c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srns.dll.vir"
sh=577905B03B80304FF4B6AD5C09774D070FFBEC44 ft=1 fh=8d4884d0d498f7c4 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srom.dll.vir"
sh=06BEFF3884E46FB37FA934EC2B6846CD35E71321 ft=1 fh=48a29238bb3e6c9f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srpdm.dll.vir"
sh=F4F2F43AAF844E700DCF7424561239E282A6FE64 ft=1 fh=f95de7fd860d7309 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srprl.dll.vir"
sh=5588A98C8A2CF26B1A99B76DADFAE0D9F1745D78 ft=1 fh=fe078e160e83b3ed vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=5384E7AE3A0FE5665A7C0CD9965BFAA4EDF8121F ft=1 fh=7627a467a68e1cfc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srsbs.dll.vir"
sh=4E701E7BDB47145778BCD2A66CF447BE7AECC3F2 ft=1 fh=1c355c557b2dfadd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srsbsau.dll.vir"
sh=F1A36B344B0A3BB9AFF8D2CB72F3083BD421D6E9 ft=1 fh=edab83601761379f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srsl.dll.vir"
sh=0345FC288AF7AAE0794C903523E0A91E9E355403 ft=1 fh=cd456461b3b75d3f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\sruhs.dll.vir"
sh=63AF364C5A1B587C2BBF5980344D28375179DAA3 ft=1 fh=8709267d83154126 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srus.dll.vir"
sh=B65854E572AA6C6150A448FBE67F535ADD60A7B8 ft=1 fh=69c4a88423c06039 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\srut.dll.vir"
sh=EED80DB4A1189D6E15652E07235054BB83AE5B7B ft=1 fh=050a6a233f119e71 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=2D6209412F6BEE3207B4A6B1D879029BCAE5A33A ft=1 fh=9e05ac448cb1dbae vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=868B31DF79F3129CBE3DD668B16198A5933CCA89 ft=1 fh=63c3d33c342d4df8 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=E906C4A0D2F107566676915A1D8F749971EC8BAA ft=1 fh=8b702ee1cd32cab3 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=9193F640EB5C4C9CB7E37F33A3B82F1617A27C46 ft=1 fh=5eb79182e52d0cb8 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=7B0114EA29BC6FCCA336DCC2E0DE233FD7671C1D ft=1 fh=9a8147c308b8dbff vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=3E2E688AAA8B0CF8DC64DA309FF1FC450A41DEC1 ft=1 fh=80bdf0d437659c5a vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=6378561B8B38A2827388FA4DE1E38A3B35D8F957 ft=1 fh=40efe5071e489d7b vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir"
Ich habe insgesamt mehr USB-Sticks als USB-Anschlüsse. Soll ich das Programm nochmal mit den übrigen USB-Sticks laufen lassen?

cosinus 02.02.2015 13:36
Kann nicht schaden :)

AKK87 02.02.2015 15:10
Hier ist dann das Ergebnis der zweiten ESET-Runde:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bb30e862f6fc854eae71deba0d969080
# engine=22263
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-02 02:06:32
# local_time=2015-02-02 03:06:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1299 16777213 100 100 6036 50457622 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 151272 174515842 0 0
# scanned=212446
# found=22
# cleaned=22
# scan_time=3942
sh=BF9DFFEFCCB98DC98AE6E19AD270FF0831B8A10C ft=1 fh=bcc35720bc203060 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=06CDBC71C6BDB9E93948C5CE2F49A08F97A0DDC6 ft=1 fh=ee606ee69e82f760 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=46E4E1539DFE69AD69D43638A000EFCA4074C359 ft=1 fh=a2d4323422aa0320 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=549F9D02F1BB82B1AE776E8824051088CAFD9369 ft=1 fh=9b9fb80f44c4acb2 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.AdvancedExeLauncherPlugin.dll.vir"
sh=C742319F480AB0BD6F4A8C4B12D4AC161BB07B92 ft=1 fh=77ff0dd2c6329cc6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.CustomControl.dll.vir"
sh=297D783EA1B3B0CB34EBCC34DC78237E5CAD7AFE ft=1 fh=8b517a8c8384579c vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.DMP.dll.vir"
sh=110752710CFF65EE8907962F75DD2889196F30E7 ft=1 fh=79060f56cc622fd7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.MessengerPlugin.dll.vir"
sh=C913CAD86540FFDF52389FF54E0163E7C09885AD ft=1 fh=eae5d36e67f1a44e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.NotepadPlugin.dll.vir"
sh=044C6C40C001C097AA2B44471BA05DC09EA8A803 ft=1 fh=f23ec7f6bdf7579e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir"
sh=A27D5B20809A5107590B4943EE7CABBF394BEDB3 ft=1 fh=b56e3bb8d53defcc vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.ScreenCapturePlugin.dll.vir"
sh=C30936E2A17E58D0EB4AF2597ABEE10517C9DB70 ft=1 fh=ab2dfa641eb68ce0 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WeatherPlugin.dll.vir"
sh=14CD07E24E23510F2395B3D1A4BEFF2573EE52EA ft=1 fh=a25d9b6f08145a4e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.WordPlugin.dll.vir"
sh=CEA566AE9EDCECDBC376341B5B0D7BF2FB3AC6D8 ft=1 fh=55130af85ebaf5dd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir"
sh=977B60DEF45F24048D040ECDCAA65BB332C6B449 ft=1 fh=164dad5fc31d40af vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe.vir"
sh=2C8981A59216CCB644BE5FBC92DBB7F8F0188F99 ft=1 fh=6aad921543298e71 vn="Variante von Win32/AdSuproot.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe.vir"
sh=D95DA6EB1B41CE144BC78AA7EF8FDBA782692156 ft=1 fh=038f0e9c2aa6fcd9 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll.vir"
sh=6FAC18F40A0B9D8591E636CB3B40208DE00A527D ft=1 fh=f4fb7f62c46286d7 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll.vir"
sh=2E6E4C2FDF55F1E6CB989861ABC276BF28DE1F0C ft=1 fh=ab455342bbbbf6b6 vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libEGL.dll.vir"
sh=A759EFBF880BDF0268F7ACA91E5C7CFA184EC6BA ft=1 fh=8b9d0fa7f7d4506b vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\libGLESv2.dll.vir"
sh=560236056E7C0D6603562B7296CBA8EDA6B081D5 ft=1 fh=27394455615c306e vn="Variante von Win32/AdSuproot Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Katharina\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=37DE38598CFC7098B9BF302F914BCE1BA9EC4D97 ft=1 fh=ced1193a90f367db vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"

cosinus 02.02.2015 15:12
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Alle Zeitangaben in WEZ +1. Es ist jetzt 11:43 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55