Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Registrierungsschlüssel können nicht gelöscht werden (https://www.trojaner-board.de/166084-registrierungsschluessel-geloescht.html)

Lily de Lil 13.04.2015 22:17
Registrierungsschlüssel können nicht gelöscht werden
 
Grüss Gott,

bin neu hier und wollte zu allererst ienmal mich herzlich bedanken für alles, was ich aus diesem Forum schon gelernt und Gutes gezogen habe. Wirklich: sehr kompetent und grosszügig!

Nun zu Folgendem:
Neuerdings erscheint beim Hochfahren meines Laptops (nachdem ich mich angemeldet habe) folgendes Fenster:
"System needs to be restart again. Make sure alle driver is installed."
Klicke ich dann auf das Kreuz oben rechts,geht das Fenster zu - klicke ich auf ok, scheint es irgendwo links unten zu verschwinden.

Geichzeitig, und ich weiss nicht, ob da ein Zusamenhang besteht, kann ich Registrierungsschlüssel nicht löschen, die mir keiner der Virenscanner (auch nicht Malewarebytes) aufzeigt, nur der ADW-Cleaner. Ich habe es manuell versucht, aber der Schlüssel erscheint immer wieder, es ist derselbe in HKCU und HKCU64 (das finde ich ja gar nicht - mag sein, es sagt nur aus, dass mein Notebook ein 64bit ist).
Die Schlüssel sind
HKCU\software\Microsoft\Internet Explorer\Search Scope\{0DC81A4A-5C8A-4D8D-B737-F448DC92EB6}

Und dasselbe dann nochmal mit HKCU64 :(.

Comofix hat nix geändert daran. Habe JRT und FRST mit und ohne Addition erstellt und könnte es beilegen, falls gewünscht......

Über jede Hilfe wäre ich dankbar.

schrauber 14.04.2015 05:30
Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Lily de Lil 22.04.2015 17:16
FRST:
FRST Logfile:

FRST Logfile:

FRST Logfile:
[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Lily de Lil (administrator) on LILYDELIL-PC on 13-04-2015 21:56:24
Running from C:\Users\Lily de Lil\Desktop\Besenkammer
Loaded Profiles: Lily de Lil (Available profiles: Lily de Lil & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Dropbox, Inc.) C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-04-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-06-10] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Lily de Lil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [""teamdrive_1_Sync] -> {E94EFFA4-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll (TeamDrive Systems GmbH)
ShellIconOverlayIdentifiers: [""teamdrive_2_Warning] -> {E94EFFA5-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll (TeamDrive Systems GmbH)
ShellIconOverlayIdentifiers: [""teamdrive_3_Folder] -> {E94EFFA6-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt64.dll (TeamDrive Systems GmbH)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [""teamdrive_1_Sync] -> {E94EFFA4-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt32.dll (TeamDrive Systems GmbH)
ShellIconOverlayIdentifiers-x32: [""teamdrive_2_Warning] -> {E94EFFA5-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt32.dll (TeamDrive Systems GmbH)
ShellIconOverlayIdentifiers-x32: [""teamdrive_3_Folder] -> {E94EFFA6-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files (x86)\TeamDrive\TeamDriveShellExt32.dll (TeamDrive Systems GmbH)
GroupPolicyUsers\S-1-5-21-3025587734-2060280166-3137437032-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ixquick.com/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000 -> DefaultScope {0DC81A4A-5C8A-4D8D-B737-F44EBDC92EB6} URL = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000 -> {0DC81A4A-5C8A-4D8D-B737-F44EBDC92EB6} URL = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-04-04] (IObit)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Lily de Lil\AppData\Roaming\Mozilla\Firefox\Profiles\b371u0lq.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lily de Lil\AppData\Roaming\Mozilla\Firefox\Profiles\prz0iwdp.dev-edition-default\Extensions\iobitascsurfingprotection@iobit.com [2015-04-11]
FF HKLM-x32\...\Firefox\Extensions: [jid0-1wPBLrijxGVkIUhu0kFYq6ZaWzA@jetpack] - C:\Program Files (x86)\AntiBrowserSpy\Addons\Firefox
FF Extension: AntiBrowserSpy - SocialBlocker - C:\Program Files (x86)\AntiBrowserSpy\Addons\Firefox [2015-04-06]
FF HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Lily de Lil\AppData\Roaming\Mozilla\Firefox\Profiles\b371u0lq.default\extensions\cliqz@cliqz.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-04]
CHR Extension: (Google Docs) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-04]
CHR Extension: (Google Drive) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-04]
CHR Extension: (YouTube) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-04]
CHR Extension: (Google Search) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Google Sheets) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (AntiBrowserSpy - Social Network Block) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\niemojilidmmanhhnihhhjhdaelfmjoi [2015-04-06]
CHR Extension: (Google Wallet) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-04]
CHR Extension: (Gmail) - C:\Users\Lily de Lil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [niemojilidmmanhhnihhhjhdaelfmjoi] - C:\Program Files (x86)\AntiBrowserSpy\Addons\Chrome.crx [2015-04-06]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -user-agent=Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.22 anonymized by Abelssoft 1509791198

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1516968 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
S3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-15] ()
S3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-04-15] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2012-05-22] () [File not signed]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [58136 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-04-06] (Phoenix Technologies) [File not signed]
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-04] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-04-04] (Intel Corporation)
R1 ncdevice; C:\Windows\System32\DRIVERS\ncdevice.sys [41248 2014-05-22] (NT Kernel Resources)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11523584 2015-04-04] (Intel Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

Addition:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Lily de Lil at 2015-04-13 22:20:45
Running from C:\Users\Lily de Lil\Desktop\Besenkammer
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 160 - Abelssoft)
aonFTP (x32 Version: 1.6.2.3 - A1 Telekom Austria AG) Hidden
aonUpdate (x32 Version: 1.4.0.42 - A1 Telekom Austria AG) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.02 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 1.00 - Abelssoft)
CLIQZ (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.68 - CLIQZ.com)
COMPUTERBILD Vorteil-Center (HKLM-x32\...\{D6BFE154-5759-4BCF-87BD-F304F3B8F8E5}) (Version: 1.2.1 - J3S)
Controller (x32 Version: 2.8.0.197 - A1 Telekom Austria AG) Hidden
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
Dropbox (HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 8.2  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)
ETDWare PS/2-X64 11.10.2.2_WHQL (HKLM\...\Elantech) (Version: 11.10.2.2 - ELAN Microelectronic Corp.)
Firefox Developer Edition 39.0a2 (x86 de) (HKLM-x32\...\Firefox Developer Edition 39.0a2 (x86 de)) (Version: 39.0a2 - Mozilla)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{365A8436-22A8-47BF-B1B9-6A6CDAA465CE}) (Version: 7.0.8.1216 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Highspeed-Internet-Installation (x32 Version: 7.2.2.8 - A1 Telekom Austria AG) Hidden
Hotkey 6.0053 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0053 - NoteBook)
Hotkey 6.0053 (x32 Version: 6.0053 - NoteBook) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.20_Sirrix (HKLM\...\{F529EE99-7FEA-4B6B-8668-3290927669C2}) (Version: 4.3.20 - Sirrix AG)
PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.5.0 - Uniblue Systems Limited)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamDrive (HKLM-x32\...\TeamDrive) (Version: 4.0.7.1203 - TeamDrive Systems GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3025587734-2060280166-3137437032-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lily de Lil\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-04-2015 09:24:42 Revo Uninstaller's restore point - KeePass Password Safe 2.28
10-04-2015 09:35:27 Revo Uninstaller's restore point - KeePass Password Safe 1.29
13-04-2015 19:34:13 ComboFix created restore point
13-04-2015 20:20:46 Uniblue PC Mechanic installation
13-04-2015 20:21:57 Uniblue DriverScanner installation
13-04-2015 21:47:45 Revo Uninstaller's restore point - DriverScanner

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-13 19:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1A7C64C9-0510-4E6F-9AB1-3D8BE2C4A1FE} - System32\Tasks\Abelssoft\StartBackgroundguardWithWindows => C:\Program Files (x86)\CheckDrive\CheckDrive.exe [2015-04-02] (Ascora GmbH)
Task: {30F18958-F7A1-48C4-8A28-35557212D8A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {3DD41C47-3BEE-446A-8045-23BBE0C0EDB0} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-03-16] (Uniblue Systems Limited)
Task: {41BC62DE-99B0-4AC0-8866-59E892292E90} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-02-05] (IObit)
Task: {6B2B23A0-4EDD-480F-8E48-AC80B1331348} - System32\Tasks\ASC8_SkipUac_Lily de Lil => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {8BD4FD76-A82C-4FBC-BF2E-B2EDB12BDAFF} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-03-06] (IObit)
Task: {8C4D2E9F-B156-4124-BBF5-70ED77D1D816} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9117D5A2-1FE0-4162-A41F-6ED1BEA6E91C} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-03-16] (Uniblue Systems Limited)
Task: {A6FCB1D7-FFDF-4133-B3E0-0B109034788B} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-03-16] (Uniblue Systems Limited)
Task: {B4570ADC-5B3A-401A-91FE-6EB16FF95449} - System32\Tasks\Driver Booster SkipUAC (Lily de Lil) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-02-05] (IObit)
Task: {B617E1B9-BE8B-4619-B8DC-F45268216722} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies)
Task: {C6CFEC13-06E0-4BE1-B3A8-848259FED65B} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-02-04] (IObit)
Task: {C9F49420-E2CE-4ECC-AAD6-3D49513A4517} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {CB6839CA-8087-47DC-994A-86305951DC3C} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {CC0F3334-ECE4-45BA-9203-36A18D751B54} - System32\Tasks\Uninstaller_SkipUac_Lily_de_Lil => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {EE34A778-9C98-4C85-B7D7-1F309D75F694} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {F175D6EB-5E76-4F80-9F7C-1727AA93505F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: {F361697A-E3CF-4BAF-ABED-5292F5C84BCF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FEC078A0-E977-4102-B54E-8F77D764C8CC} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {FED00A4E-CF6F-480A-87EE-FB72D7DE54A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\Windows\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\Windows\Tasks\PC-Mechanic Subscription.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3025587734-2060280166-3137437032-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lily de Lil\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: COMPUTERBILD Vorteil-Center => "C:\Program Files (x86)\COMPUTERBILD Vorteil-Center\COMPUTERBILD Vorteil-Center.exe" /tray
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray

==================== Accounts: =============================

Administrator (S-1-5-21-3025587734-2060280166-3137437032-500 - Administrator - Disabled)
Gast (S-1-5-21-3025587734-2060280166-3137437032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3025587734-2060280166-3137437032-1003 - Limited - Enabled)
Lily de Lil (S-1-5-21-3025587734-2060280166-3137437032-1000 - Administrator - Enabled) => C:\Users\Lily de Lil
UpdatusUser (S-1-5-21-3025587734-2060280166-3137437032-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8084.61 MB
Available physical RAM: 5898.29 MB
Total Pagefile: 16167.4 MB
Available Pagefile: 13761.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive a: () (Fixed) (Total:127.67 GB) (Free:62.39 GB) NTFS
Drive b: (MahaYoga) (Fixed) (Total:9.12 GB) (Free:8.71 GB) NTFS
Drive c: (Programme) (Fixed) (Total:109.41 GB) (Free:67.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A9931297)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=9.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Bitte entschulidgt, hatte schon lange auf Schreibers Anfrage geantwortet - aber nicht gemerkt, dass ich nicht FRST und Addition zusammen in einen Post bringe. So erschien nichts, und ich habe es nciht gemerkt. Jetzt, auf mein Wundern, weil keiner antwortet (logisch), merk ich das Versehen.

schrauber 23.04.2015 11:25
hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Lily de Lil 24.04.2015 15:54
Zitat:
Zitat von schrauber (Beitrag 1458506)
hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
Danke, Schrauber- hat sich leider erledigt. musste das Notebook neu aufziehen.
Hatte di eBetaverson von win10 (nachts um 1 oder 2h) runtergeladen und bin iengeschlafen während des Prozesses (irgendwann um 3h oder so). Als ich wiedera ufwachte, kam ih n das NB nciht mdehr rein, ncihts half. Leider hatte ich mit der Neuinstalaton schon begonnen, als der zweite Laptp (den ich grad einzurichten begonnen hatte, genau WEIL der "Grosse" ausfiel) mir eine Mail von Microsoft zeigte, in der ich nureinen Link hätte anklicken müssen, und alles wäre vermutlich ok gewesen.
Jetzt habe ich keine Viren mehr drauf *schiefgrins*
Hätte Win10 vermutlich auf eine separate Partition laden sollen - oder es einfach lassen.

Danke in jedem Fall!!!
Liebe Grüsse und shcöne sonnige Tage
Lily de Lil

schrauber 25.04.2015 11:24
Win10 grundsätzlich nur auf Rechner installieren, die rein zum spielen und testen sind, und die gerne auch mal abrauchen dürfen :)

Lily de Lil 25.04.2015 18:01
Zitat:
Zitat von schrauber (Beitrag 1459176)
Win10 grundsätzlich nur auf Rechner installieren, die rein zum spielen und testen sind, und die gerne auch mal abrauchen dürfen :)
Sowos hob i leider ned :(
Merks mi oba......

Liebe Grüse
Lily
:wtf:

schrauber 26.04.2015 06:41
ok :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131