janningnetworks

Everything posted by janningnetworks

  1. I already got my NFR key. Is it safe to install Anti-Ransomware on a Remote Desktop server? I can see it is compatible with Windows Server 2008 R2, but will it work on a terminal server?
  2. I'm a reseller, too. I would like to have the MSI package for company roll-out.
  3. Sophos found 0 viruses. But AdwCleaner still freezes my computer while cleaning the registry. I started JRT once again: found 0 viruses. Forgot to start Farbar... Sorry.
  4. AdwCleaner crashed while cleaning. I'm scanning with Sophos right now; after that I'll try AdwCleaner again.
  5. Step 05 Adwcleaner
  6. Step 04 JRT

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.0.7 (07.03.2016)
     Operating System: Windows 10 Enterprise x64
     Ran by holger.janning (Administrator) on 03.08.2016 at 9:25:53,68
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     File System: 3
     Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
     Successfully deleted: C:\ProgramData\Service1291 (Folder)
     Successfully deleted: C:\Users\holger.janning\AppData\Local\installer (Folder)

     Registry: 2
     Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_AF82AAF996C2AF0F04DE665A3FB608DC (Registry Value)
     Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\sdfhgdf (Registry Key)

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 03.08.2016 at 9:28:20,38
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Thanks. I found out that my hosts file was changed. But I'm pretty sure I deleted the malicious entries and saved back a clean version some weeks ago, so I think something bad is still "working" in the background. I started "rkill" - found no problems... and then started Malwarebytes "as Administrator". I have got the corporate edition. There is no "Threat Scan". The settings page also looks different. I have chosen: Flash Scan with no suspicious entries. Then I started "Quick Scan" - found nothing. Results from Flash Scan:

     Malwarebytes Anti-Malware (Corporate) 1.80.2.1012
     www.malwarebytes.org
     Database version: main: v2016.08.01.08 rootkit: v0000.00.00.00
     Windows 10 x64 NTFS
     Internet Explorer 11.494.10586.0
     holger.janning :: DESKTOP-U46H69S [administrator]
     Protection: Enabled
     01.08.2016 16:26:24
     mbam-log-2016-08-01 (16-26-24).txt
     Scan type: Flash scan
     Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: Registry | File System
     Objects scanned: 277578
     Time elapsed: 1 minute(s), 33 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  8. Hi, I had a problem some months ago. The default browser pointed to something like BrowserAir, with many pop-ups, etc. I ran antivirus software and Malwarebytes to clean up. But I think my computer still has some problems. I cannot set the default browser. Sometimes windows cannot get focus and are "shaking". I tried sfc /scannow and some other things. I've attached the files I think you need... Thank you! Holger

     Attachments: Addition.txt, FRST.txt, CheckResults.txt
  9. Hey, I tried to install Beta7 on our terminal server, but this doesn't work. Is it planned to support RDS? First I tried: install as Domain Administrator - went fine, but only protected on Administrator login. If I log on as a normal user: not protected. Then I tried to install with: change user /install. Protection doesn't work anymore. The event log shows:

     Name der fehlerhaften Anwendung: MBAMService.exe, Version: 3.0.0.549, Zeitstempel: 0x574313ca
     Name des fehlerhaften Moduls: arwlib.dll, Version: 3.0.0.219, Zeitstempel: 0x5756f022
     Ausnahmecode: 0xc0000005
     Fehleroffset: 0x0000000000039c99
     ID des fehlerhaften Prozesses: 0x7510
     Startzeit der fehlerhaften Anwendung: 0x01d1d8373383d9da
     Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
     Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
     Berichtskennung: 9c5340aa-442e-11e6-92d7-000c29d29193