Log analysis and evaluation: Windows 8: Pop-up windows and tabs opening by themselves.

If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.04.2014, 14:26 | #1
Windows 8: Pop-up windows and tabs opening by themselves.

Hello dear Trojaner-Board. For several weeks now I have had the problem that when I open a new web page or click on a link, a new tab opens asking me to install the Flash Player. This is probably not the actual Adobe Flash Player, though. In addition, pop-up windows open saying that the PC is being scanned and that the PC is too slow because of various applications. Also, as on this website too, some words appear double-underlined in blue as links; I have not clicked on them yet to see where the link leads. The last "symptom" is an increased and sudden opening of pop-up windows with all kinds of advertising. I hope you can help me, and many thanks in advance for your efforts!

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:40 on 04/04/2014 (Heike)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ***** (administrator) on HEIKE on 04-04-2014 14:42:40
Running from C:\Users\*****\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [548864 2009-02-04] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
SearchScopes: HKLM - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
SearchScopes: HKLM-x32 - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393571665&from=tugs&uid=TOSHIBAXMQ01ABF050_73DCW0G6TXX73DCW0G6T&q={searchTerms}
SearchScopes: HKCU - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: MediaPlayerEnhance - {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho64.dll (Feven)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MediaPlayerEnhance - {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll (Feven)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerEnhance - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com [2014-03-14]
FF Extension: WEB.DE MailCheck - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\Extensions\toolbar@web.de.xpi [2014-03-05]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ahf4wxo4.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-28] (Cherished Technololgy LIMITED)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 14:42 - 2014-04-04 14:42 - 00020438 _____ () C:\Users\*****\Desktop\FRST.txt
2014-04-04 14:42 - 2014-04-04 14:42 - 00000000 ____D () C:\FRST
2014-04-04 14:41 - 2014-04-04 14:41 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-04-04 14:40 - 2014-04-04 14:40 - 00000484 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-04-04 14:40 - 2014-04-04 14:40 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-04-04 14:38 - 2014-04-04 14:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-03-21 11:00 - 2014-03-21 11:00 - 06708928 _____ (TomTom International B.V.) C:\Users\*****\Downloads\InstallMyDriveConnect.exe
2014-03-19 16:26 - 2014-03-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 14:57 - 2014-03-19 15:01 - 00031232 ___SH () C:\Users\*****\Downloads\Thumbs.db
2014-03-14 09:34 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 09:34 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 09:34 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-14 09:34 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-14 09:34 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 09:34 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 09:34 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 09:34 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 09:34 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 09:34 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 09:34 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 09:34 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 09:34 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 09:34 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 09:34 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 09:34 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-14 09:34 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 09:34 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-14 09:34 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-14 09:33 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 09:33 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-14 09:33 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 09:33 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 09:33 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-14 09:33 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-05 11:24 - 2014-03-05 11:24 - 00000000 __SHD () C:\Recovery
2014-03-05 11:16 - 2014-03-05 11:16 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-03-05 10:58 - 2014-03-05 10:58 - 00000712 _____ () C:\Windows\DtcInstall.log
2014-03-05 10:56 - 2014-03-05 10:57 - 00001563 _____ () C:\Windows\comsetup.log
2014-03-05 10:54 - 2014-03-05 11:01 - 00520446 _____ () C:\Windows\setupact.log
2014-03-05 10:54 - 2014-03-05 11:01 - 00032388 _____ () C:\Windows\diagwrn.xml
2014-03-05 10:54 - 2014-03-05 11:01 - 00032388 _____ () C:\Windows\diagerr.xml
2014-03-05 10:54 - 2014-03-05 10:54 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-04-04 14:42 - 2014-04-04 14:42 - 00020438 _____ () C:\Users\*****\Desktop\FRST.txt
2014-04-04 14:42 - 2014-04-04 14:42 - 00000000 ____D () C:\FRST
2014-04-04 14:41 - 2014-04-04 14:41 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-04-04 14:40 - 2014-04-04 14:40 - 00000484 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-04-04 14:40 - 2014-04-04 14:40 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-04-04 14:40 - 2014-02-15 23:18 - 00000000 ____D () C:\Users\*****
2014-04-04 14:38 - 2014-04-04 14:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-04-04 14:21 - 2014-03-04 16:37 - 01245970 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 14:21 - 2014-02-28 09:16 - 00002430 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-04-04 14:16 - 2014-02-28 09:16 - 00001630 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-04-04 14:16 - 2014-02-28 09:16 - 00001586 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-04-04 14:16 - 2014-02-28 09:16 - 00001484 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-04-04 14:15 - 2014-02-28 09:15 - 00003144 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-04-04 14:06 - 2014-02-15 23:26 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839397568-1600097902-707492972-1002
2014-04-04 14:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-29 19:50 - 2014-02-16 00:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 15:14 - 2014-02-16 00:29 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-21 11:14 - 2013-10-09 00:48 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-03-21 11:14 - 2013-10-09 00:48 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-03-21 11:14 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 11:00 - 2014-03-21 11:00 - 06708928 _____ (TomTom International B.V.) C:\Users\*****\Downloads\InstallMyDriveConnect.exe
2014-03-19 17:05 - 2014-02-15 23:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 16:26 - 2014-03-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 15:01 - 2014-03-19 14:57 - 00031232 ___SH () C:\Users\*****\Downloads\Thumbs.db
2014-03-19 14:58 - 2014-02-16 00:49 - 00000000 ___RD () C:\Users\*****\Documents\Eigene Dateien alt
2014-03-19 14:32 - 2014-02-16 00:47 - 00000000 ____D () C:\Users\*****\Documents\Downloads alt
2014-03-19 13:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-18 12:47 - 2014-02-18 12:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 12:45 - 2014-02-18 12:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 12:45 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-16 11:38 - 2014-02-15 23:20 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-16 11:38 - 2014-02-15 23:20 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-16 11:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 11:36 - 2014-03-04 18:19 - 00001460 _____ () C:\Windows\PFRO.log
2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 08:50 - 2014-02-16 00:05 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-08 18:19 - 2014-02-15 23:19 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-05 11:52 - 2013-11-14 10:24 - 00000000 ___HD () C:\$Windows.~BT
2014-03-05 11:45 - 2014-02-15 23:18 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-05 11:45 - 2013-10-08 15:25 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-05 11:45 - 2013-10-08 15:18 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-05 11:45 - 2013-10-08 15:17 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-03-05 11:45 - 2013-10-08 15:17 - 00000000 ____D () C:\Windows\system32\NV
2014-03-05 11:45 - 2013-10-08 15:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-05 11:45 - 2013-10-08 15:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-05 11:45 - 2013-10-08 14:56 - 00000000 ____D () C:\Program Files\Intel
2014-03-05 11:45 - 2013-08-02 16:59 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-05 11:45 - 2013-08-02 16:53 - 00000000 ____D () C:\ProgramData\PRICache
2014-03-05 11:45 - 2012-07-26 10:18 - 00000000 ____D () C:\Windows\DigitalLocker
2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\spool
2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\IME
2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Help
2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-05 11:45 - 2012-07-26 09:49 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-03-05 11:45 - 2012-07-26 09:49 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-03-05 11:45 - 2012-07-26 09:49 - 00000000 ____D () C:\Windows\system32\WCN
2014-03-05 11:45 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\SysWOW64\SMI
2014-03-05 11:45 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-03-05 11:37 - 2013-10-08 15:47 - 00000000 ____D () C:\Users\Default\AppData\Local\Pokki
2014-03-05 11:37 - 2013-10-08 15:47 - 00000000 ____D () C:\Users\Default User\AppData\Local\Pokki
2014-03-05 11:24 - 2014-03-05 11:24 - 00000000 __SHD () C:\Recovery
2014-03-05 11:16 - 2014-03-05 11:16 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-03-05 11:01 - 2014-03-05 10:54 - 00520446 _____ () C:\Windows\setupact.log
2014-03-05 11:01 - 2014-03-05 10:54 - 00032388 _____ () C:\Windows\diagwrn.xml
2014-03-05 11:01 - 2014-03-05 10:54 - 00032388 _____ () C:\Windows\diagerr.xml
2014-03-05 10:58 - 2014-03-05 10:58 - 00000712 _____ () C:\Windows\DtcInstall.log
2014-03-05 10:57 - 2014-03-05 10:56 - 00001563 _____ () C:\Windows\comsetup.log
2014-03-05 10:56 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2014-03-05 10:54 - 2014-03-05 10:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-05 04:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-05 02:53 - 2014-02-15 23:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Packages
2014-03-05 00:52 - 2014-02-18 10:17 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:52 - 2014-02-18 10:17 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-18 12:44

==================== End Of Log ============================

Addition

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ***** at 2014-04-04 14:43:18
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA Grafiktreiber 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.41 (Version: 311.41 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)

==================== Restore Points =========================

05-03-2014 08:20:46 Windows Update
12-03-2014 13:01:30 Scheduled checkpoint
18-03-2014 10:45:06 Windows Update
21-03-2014 12:07:22 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03028265-831A-4808-A6F6-AAEFCCDE99C7} - System32\Tasks\MediaPlayerEnhance-firefoxinstaller => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe [2014-02-28] (Feven) <==== ATTENTION
Task: {096BEE5B-0EEB-46FF-9063-B89915DAA3C6} - System32\Tasks\MediaPlayerEnhance-chromeinstaller => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe [2014-02-28] (Feven) <==== ATTENTION
Task: {14D54D20-ED4E-47FB-8224-E6E357F0DE1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2A67373B-94EA-4F04-A7DE-F1088AD90AD7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {3DAAE470-8D17-435A-8592-93B0F345D581} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {4B355C8A-86CD-4093-9742-DE90F8E3B171} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {6391432F-C19E-44F9-93F8-B5ADE170316E} - System32\Tasks\MediaPlayerEnhance-codedownloader => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe [2014-02-28] (Feven) <==== ATTENTION
Task: {6D05B6E1-7920-4A4E-A569-3CB7C0C2F508} - System32\Tasks\MediaPlayerEnhance-updater => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe [2014-02-28] (Feven) <==== ATTENTION
Task: {6E66AE2A-CC7D-4123-BD4C-CF326C15C176} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-19] (Microsoft Corporation)
Task: {709FD972-1CB1-4E58-84BE-758EC36E0C8B} - System32\Tasks\MediaPlayerEnhance-enabler => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe [2014-02-28] (Feven) <==== ATTENTION
Task: {819C0E6B-C399-4A1D-91F4-837AC730F658} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {88206111-9B75-4AA6-BF35-FD2B1A2FA3A6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {A4B456F7-F527-423D-89FD-08DEDEE54244} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8BBF1A2-4910-4E54-844D-BD34F2475F7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D727F8AA-67AA-401F-B38A-7B6A6D4AAAE8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {E193093F-0153-400E-B1F3-38E0ECA1F9A5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F69F0305-4D37-4E39-8618-6061FFFD1DFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-03-19] (Microsoft Corporation)
Task: {F9EFA2E2-04FA-4E63-ACD0-E248FB22A55B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-enabler.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-updater.job => C:\Program Files (x86)\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-23 11:57 - 2008-06-04 16:53 - 00027648 _____ () C:\Windows\System32\spd__l6.dll
2014-01-27 22:45 - 2014-01-27 22:45 - 00710976 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
2014-03-23 15:13 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-16 00:29 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-02-23 11:57 - 2009-02-04 19:55 - 00548864 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-02-23 11:57 - 2008-07-22 11:00 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-02-16 00:09 - 2013-12-09 12:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-16 00:13 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-16 00:13 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-16 00:13 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-16 00:13 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-16 00:13 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-08 15:10 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-16 12:41 - 2014-02-16 12:41 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-03-19 16:26 - 2014-03-19 16:26 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2014 07:40:23 PM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager encountered a fatal error (0x8898008d).

Error: (03/16/2014 11:43:44 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.
Error: (03/05/2014 06:49:43 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (03/05/2014 05:45:30 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (03/05/2014 05:37:22 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (03/05/2014 00:06:44 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (03/05/2014 11:58:24 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (03/04/2014 06:39:28 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (03/04/2014 06:35:14 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (03/04/2014 06:26:51 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.
System errors:
=============
Error: (03/21/2014 02:07:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installation failure: installation of the following update failed with error 0x80070103: TomTom - Other hardware - TomTom

Error: (03/21/2014 11:31:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installation failure: installation of the following update failed with error 0x80070103: TomTom - Other hardware - TomTom

Error: (03/21/2014 11:20:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installation failure: installation of the following update failed with error 0x80070103: TomTom - Other hardware - TomTom

Error: (03/21/2014 11:10:54 AM) (Source: Server) (User: )
Description: The server service could not bind to the transport \Device\NetBT_Tcpip_{4A0A6E8D-B7A6-461E-8921-B2DBD7D020ED} because of a duplicate network name. The server service could not be started.
Error: (03/16/2014 11:37:14 AM) (Source: Service Control Manager) (User: )
Description: The "SSPORT" service failed to start due to the following error: %%2

Error: (03/16/2014 11:37:06 AM) (Source: Service Control Manager) (User: )
Description: The "McAfee SiteAdvisor Service" service failed to start due to the following error: %%2

Error: (03/16/2014 11:37:05 AM) (Source: Service Control Manager) (User: )
Description: The "DgiVecp" service failed to start due to the following error: %%2

Error: (03/05/2014 05:30:48 PM) (Source: Service Control Manager) (User: )
Description: The "SSPORT" service failed to start due to the following error: %%2

Error: (03/05/2014 05:30:38 PM) (Source: Service Control Manager) (User: )
Description: The "McAfee SiteAdvisor Service" service failed to start due to the following error: %%2

Error: (03/05/2014 05:30:37 PM) (Source: Service Control Manager) (User: )
Description: The "DgiVecp" service failed to start due to the following error: %%2

Microsoft Office Sessions:
=========================
Error: (03/27/2014 07:40:23 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8898008d

Error: (03/16/2014 11:43:44 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/05/2014 06:49:43 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/05/2014 05:45:30 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/05/2014 05:37:22 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/05/2014 00:06:44 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/05/2014 11:58:24 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/04/2014 06:39:28 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/04/2014 06:35:14 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/04/2014 06:26:51 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 8072.27 MB
Available physical RAM: 4758 MB
Total Pagefile: 9288.27 MB
Available Pagefile: 5297.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.61 GB) (Free:402.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9D1A719B)

Partition: GPT Partition Type.

==================== End Of Log ============================

GMER

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-04 14:55:19 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000035 TOSHIBA_MQ01ABF050 rev.AM001J 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\HEIKER~1\AppData\Local\Temp\kgloipoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\LogonUI.exe[3880] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[3880] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[3880] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff06e5177a 4 bytes [E5, 06, FF, 07] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[4028] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff06e51782 4 bytes [E5, 06, FF, 07] .text C:\Windows\System32\LogonUI.exe[4836] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[4836] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[4836] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[5696] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[5696] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[5696] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[8100] C:\Windows\System32\MSIMG32.dll!GradientFill 
+ 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[8100] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\LogonUI.exe[8100] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\dwm.exe[1144] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\dwm.exe[1144] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\System32\dwm.exe[1144] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2844] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2844] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[2844] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\nvvsvc.exe[852] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\nvvsvc.exe[852] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\nvvsvc.exe[852] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\nvvsvc.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff06e5177a 4 bytes [E5, 06, FF, 07] .text C:\Windows\system32\nvvsvc.exe[852] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff06e51782 4 bytes [E5, 06, FF, 07] .text C:\Windows\system32\taskhostex.exe[600] 
C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\taskhostex.exe[600] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\taskhostex.exe[600] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Windows\Explorer.EXE[3800] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\Explorer.EXE[3800] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Windows\Explorer.EXE[3800] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7224] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7224] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[6692] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[6692] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] .text C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe[6692] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[6332] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] .text C:\Windows\system32\wbem\unsecapp.exe[6332] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 
04, FF, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[6332] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[672] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[672] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[672] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fef6731b32 4 bytes [73, F6, FE, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[672] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fef6731b3a 4 bytes [73, F6, FE, 07]
.text C:\Windows\System32\igfxtray.exe[6880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\igfxtray.exe[6880] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\igfxtray.exe[6880] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\igfxsrvc.exe[8096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\igfxsrvc.exe[8096] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\igfxsrvc.exe[8096] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\hkcmd.exe[7504] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\hkcmd.exe[7504] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\hkcmd.exe[7504] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\igfxpers.exe[6336] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\igfxpers.exe[6336] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Windows\System32\igfxpers.exe[6336] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[1484] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[1484] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe[1484] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7492] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7492] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7492] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[7480] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[7480] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[7480] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[360] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff06e5177a 4 bytes [E5, 06, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[360] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff06e51782 4 bytes [E5, 06, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[360] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7832] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff06e5177a 4 bytes [E5, 06, FF, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7832] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007ff06e51782 4 bytes [E5, 06, FF, 07]
.text C:\Windows\Samsung\PanelMgr\caller64.exe[2160] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Windows\Samsung\PanelMgr\caller64.exe[2160] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Windows\Samsung\PanelMgr\caller64.exe[2160] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\igfxext.exe[2624] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\igfxext.exe[2624] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\igfxext.exe[2624] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[7364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[7364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[7364] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[3680] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[3680] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[3680] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007ff0472165a 4 bytes [72, 04, FF, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [4992:3520] fffff960009655e8
Thread C:\Windows\SYSTEM32\ntdll.dll [7948:2824] 0000000000cd53d3
Thread C:\Windows\SYSTEM32\ntdll.dll [7948:2816] 00000000717cb89c
Thread C:\Windows\SYSTEM32\ntdll.dll [7948:7864] 00000000717cbaf3
Thread C:\Windows\SYSTEM32\ntdll.dll [7948:5332] 00000000717cb3c2

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Last edited by Ma-iiii (04.04.2014 at 14:52)
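The GMER section above reports the same three or four "4 bytes" patches in MSIMG32.dll, WSOCK32.dll and PSAPI.DLL in every process that has those DLLs loaded. Before treating each line as an inline hook, it is worth parsing the dump and checking one property that the log itself exposes: in every record the four reported bytes are bits 16..47 of the record's own address (for example [72, 04, FF, 07] read little-endian is 0x07FF0472, and the address is 000007ff04721532). That is the footprint of a relocated 64-bit pointer: when ASLR moves a module by a multiple of 64 KiB, bytes 0-1 and 6-7 of an absolute pointer stored in the image stay the same and only bytes 2-5 change, so an in-memory versus on-disk comparison reports exactly four changed bytes. The following parser and check are an added example for this thread, not GMER's code and not part of the original post; the relocation reading is the editor's interpretation, and the sample input is four records copied from the log above. A record that matches the pattern is a candidate to deprioritise, not proof that nothing hostile is present.

```python
"""Parse GMER ".text" hook records and test them for the relocated-pointer pattern.

Added example for this thread; not GMER's code and not from the original post.
"""
import re
from collections import defaultdict

# Constructed sample: four records copied from the GMER dump above. The forum
# ran the records together on one line; each one starts with ".text".
SAMPLE = (
    ".text C:\\Windows\\System32\\igfxtray.exe[6880] "
    "C:\\Windows\\SYSTEM32\\MSIMG32.dll!GradientFill + 690 000007ff04721532 4 bytes [72, 04, FF, 07] "
    ".text C:\\Windows\\System32\\igfxtray.exe[6880] "
    "C:\\Windows\\SYSTEM32\\MSIMG32.dll!GradientFill + 698 000007ff0472153a 4 bytes [72, 04, FF, 07] "
    ".text C:\\Program Files (x86)\\Qualcomm Atheros\\Bluetooth Suite\\BtvStack.exe[672] "
    "C:\\Windows\\SYSTEM32\\WSOCK32.dll!recvfrom + 742 000007fef6731b32 4 bytes [73, F6, FE, 07] "
    ".text C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe[360] "
    "C:\\Windows\\system32\\PSAPI.DLL!GetProcessImageFileNameA + 306 000007ff06e5177a 4 bytes [E5, 06, FF, 07]"
)

# One GMER user-mode hook record: process[pid] module!export + offset address N bytes [..]
RECORD = re.compile(
    r"\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\w+)\s+\+\s+(?P<offset>\d+)\s+"
    r"(?P<address>[0-9a-fA-F]{16})\s+(?P<size>\d+)\s+bytes\s+"
    r"\[(?P<patch>[0-9A-Fa-f]{2}(?:,\s*[0-9A-Fa-f]{2})*)\]"
)


def parse_hooks(text):
    """Return one dict per ".text" record found in a GMER dump."""
    records = []
    for m in RECORD.finditer(text):
        records.append({
            "process": m["process"],
            "pid": int(m["pid"]),
            "module": m["module"].rsplit("\\", 1)[-1].lower(),
            "export": m["export"],
            "offset": int(m["offset"]),
            "address": int(m["address"], 16),
            "size": int(m["size"]),
            "patch": bytes(int(b, 16) for b in m["patch"].split(",")),
        })
    return records


def group_by_location(records):
    """Map (module, export, offset, patch-hex) to the processes reporting it.

    The same bytes at the same module offset in every process point at the
    module image itself rather than at one compromised process.
    """
    groups = defaultdict(set)
    for r in records:
        key = (r["module"], r["export"], r["offset"], r["patch"].hex())
        groups[key].add(r["process"].rsplit("\\", 1)[-1])
    return {k: sorted(v) for k, v in groups.items()}


def looks_like_relocated_pointer(record):
    """True if the 4 reported bytes equal bits 16..47 of the record's own address.

    That is what bytes 2-5 of a 64-bit pointer into the same 64 KiB region
    look like after ASLR relocation. Editor's heuristic: a reason to
    deprioritise the record, not proof that it is benign.
    """
    if record["size"] != 4 or len(record["patch"]) != 4:
        return False
    value = int.from_bytes(record["patch"], "little")
    return value == (record["address"] >> 16) & 0xFFFFFFFF


def triage(text):
    """Split the records into relocation-pattern matches and everything else."""
    records = parse_hooks(text)
    matches = [r for r in records if looks_like_relocated_pointer(r)]
    to_inspect = [r for r in records if not looks_like_relocated_pointer(r)]
    return matches, to_inspect


if __name__ == "__main__":
    matches, to_inspect = triage(SAMPLE)
    for key, procs in group_by_location(parse_hooks(SAMPLE)).items():
        print(key, "->", procs)
    print(f"{len(matches)} relocation-pattern records, {len(to_inspect)} to inspect")
```

Run it over the whole GMER section instead of the four-record sample to get one line per (module, export, offset) with the list of processes, which is far easier to reason about than forty-odd near-identical records. Anything that lands in the "to inspect" list, for instance a record whose bytes begin with an E9 (jmp rel32) or FF 25 (jmp [rip+disp]) opcode rather than part of an address, deserves the attention the raw dump invites for every line.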
04.04.2014, 15:15 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Quote:

Or is there another reason why you have Office Professional Plus installed? Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did any of them ever find something? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans for now, just post the logs you already have in CODE tags! Only logs from the last 7 days, or from the time since the problem started, are relevant!

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
04.04.2014, 15:27 | #3

Many thanks for the quick reply.

Professional Plus is installed because my employer provided it for work that occasionally has to be done at home. It is a private PC, though, and is only rarely used for that. I hope that is not a problem? Avira found nothing. I have no other logs either.
04.04.2014, 15:31 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Ah, so your employer provided it? No, then it is not a problem, as long as no sensitive data (customer data in the file names of MS Office documents) appears in the logs. Or is that the case?

Log files: please always post them in CODE tags
04.04.2014, 15:33 | #5

No, thank God, it isn't.
04.04.2014, 15:51 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Please check anyway, because redacting data in logs after the fact is not our job; if at all, the admin would do that when he has time for it. Office was provided to you by your employer?
04.04.2014, 16:09 | #7

The files contain no customer data or anything similar. I checked again specifically. My employer has a contract with Microsoft and provides Professional Plus to its employees for personal use against a certain fee paid by the employee.
04.04.2014, 17:21 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

Removing adware/junkware/toolbars

Step 1: AdwCleaner
Please download AdwCleaner to your desktop.

Step 2: JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.

Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
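The three steps above produce an AdwCleaner report and a fresh FRST log (both are posted in the next reply). Two checks a practitioner would run over such output, as an added example for this thread that is neither AdwCleaner's nor FRST's code and not part of the helper's instructions: first, pull the GUIDs out of the AdwCleaner "Key Deleted" lines and decode the repeated-digit CLSIDs such as {11111111-1111-1111-1111-110411411150}; in this report every group but the last is one filler digit, and the last group alternates filler pairs with the digits of an application id, 044150, which is the same number as the deleted CrossriderApp0044150 ProgID and the "cid" Firefox preference. That decoding rule is read off the log itself, not taken from vendor documentation, so treat it as a heuristic. Second, parse the FRST "SearchScopes:" lines and flag a DefaultScope whose GUID has no URL in any hive, which is what remains when the scope key was removed but the hive's DefaultScope value still names it (the FRST log below shows exactly that for {33BB0A4E-99AF-4226-BDF6-49120163DE86}). The sample inputs are lines copied from the two logs below.

```python
"""Triage helpers for AdwCleaner and FRST output.

Added example for this thread; not the tools' own code. The repeated-digit
CLSID decoding is a heuristic derived from this report's own entries.
"""
import re

# Constructed sample: 'Key Deleted' lines copied from the AdwCleaner report below.
ADWCLEANER_SAMPLE = "\n".join([
    r"Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO",
    r"Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}",
    r"Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}",
    r"Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}",
    r"Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}",
    r"Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}",
])

# Constructed sample: the SearchScopes lines copied from the FRST log below.
FRST_SAMPLE = "\n".join([
    "SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = ",
    "SearchScopes: HKLM - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS",
    "SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}",
    "SearchScopes: HKLM-x32 - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS",
    "SearchScopes: HKCU - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = ",
    "SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = ",
])

GUID = re.compile(
    r"\{([0-9A-Fa-f]{8})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})-([0-9A-Fa-f]{12})\}"
)
SCOPE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+-\s+(?P<default>DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+URL\s*=\s*(?P<url>.*)$"
)


def deleted_guids(report):
    """Unique GUIDs named in AdwCleaner 'Key Deleted' / 'Value Deleted' lines, in order."""
    seen = []
    for line in report.splitlines():
        if not line.startswith(("Key Deleted", "Value Deleted")):
            continue
        for m in GUID.finditer(line):
            g = m.group(0).upper()
            if g not in seen:
                seen.append(g)
    return seen


def decode_repeated_digit_clsid(guid):
    """App id hidden in a {dddddddd-dddd-dddd-dddd-ddXXddXXddXX} CLSID, or None.

    Heuristic read off this report: groups 1-4 are one filler digit d, the
    last group is filler pairs alternating with three two-digit chunks.
    """
    m = GUID.fullmatch(guid)
    if not m:
        return None
    groups = m.groups()
    filler = groups[0][0]
    if any(set(g) != {filler} for g in groups[:4]):
        return None
    pairs = [groups[4][i:i + 2] for i in range(0, 12, 2)]
    if any(p != filler * 2 for p in pairs[0::2]):
        return None
    digits = "".join(pairs[1::2])
    return int(digits) if digits.isdigit() else None


def parse_searchscopes(log):
    """One dict per 'SearchScopes:' line of an FRST log (FRST writes hxxp for http)."""
    scopes = []
    for line in log.splitlines():
        m = SCOPE.match(line.rstrip())
        if m:
            scopes.append({"line": line.rstrip(), "hive": m["hive"],
                           "default": bool(m["default"]), "guid": m["guid"].upper(),
                           "url": m["url"].strip()})
    return scopes


def dangling_default_scopes(log):
    """FRST lines whose DefaultScope GUID has no URL in any hive.

    The hive's default search setting then names a provider key that no
    longer exists. FRST's fixlist.txt accepts such lines copied verbatim.
    """
    scopes = parse_searchscopes(log)
    known = {s["guid"] for s in scopes if s["url"]}
    return [s["line"] for s in scopes if s["default"] and s["guid"] not in known]


if __name__ == "__main__":
    for g in deleted_guids(ADWCLEANER_SAMPLE):
        print(g, "-> app id", decode_repeated_digit_clsid(g))
    for line in dangling_default_scopes(FRST_SAMPLE):
        print("dangling default scope:", line)
```

The decoder deliberately requires all four leading groups to be a single repeated digit, so well-known COM identifiers such as {00000000-0000-0000-C000-000000000046} are not mis-read as adware; the app id is only meaningful for this family of identifiers, where it lets you tie the CLSID, the ProgID and the Firefox preference block to one installer. The dangling-scope check is what turns a 2,000-line FRST log into the one line that still needs a fix.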
04.04.2014, 19:12 | #9

Here are the logs from the steps I ran.

AdwCleaner
Code:
# AdwCleaner v3.023 - Report created 04/04/2014 at 19:29:32
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : ***** - HEIKE
# Running from : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher
Service Deleted : Wpm

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\IePluginService
Folder Deleted : C:\ProgramData\Pokki
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\MediaPlayerEnhance
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\SavingsBull
Folder Deleted : C:\Users\*****\AppData\Local\SearchProtect
Folder Deleted : C:\Users\*****\AppData\Local\Tuguu_SL
Folder Deleted : C:\Users\*****\AppData\Roaming\awesomehp
Folder Deleted : C:\Users\*****\AppData\Roaming\SupTab
Folder Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com
File Deleted : C:\END
File Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\11-suche.xml
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-chromeinstaller
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-codedownloader
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-enabler
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-firefoxinstaller
File Deleted : C:\Windows\Tasks\MediaPlayerEnhance-updater.job
File Deleted : C:\Windows\System32\Tasks\MediaPlayerEnhance-updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411411150}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c95b251b-7567-4d60-abbc-8abfcade4bb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{daf7e0a7-c1ef-4f95-856f-ae568128a39f}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c95b251b-7567-4d60-abbc-8abfcade4bb0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{daf7e0a7-c1ef-4f95-856f-ae568128a39f}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKCU\Software\AppDataLow\Software\MediaPlayerEnhance
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\SavingsBullFilter
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\Software\MediaPlayerEnhance

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (de)

[ File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\prefs.js ]

Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.InstallationThankYouPage", false);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.InstallationTime", 1393571750);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150_dbWasSet", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150_dbWasSet_FF25_FIX", true[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.active", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.addressbar", "NA");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.addressbarenhanced", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.asyncdb.was_copied", "true");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.asyncdb_dbWasSet", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.asyncdb_dbWasSet_FF25_FIX", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.asyncinternaldb.was_copied", "true");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.asyncinternaldb_dbWasSet", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.backgroundver", 1);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.certdomaininstaller", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.changeprevious", false);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie.InstallationTime.value", "%221393571750%22");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000555%22%2C%22sub_id%22%3A%22verticals-ad[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie._GPL_aoi.value", "%221396093835%22");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.cookie._GPL_parent_zoneid.value", "%22518233%22");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.description", "MediaPlayerEnhance Extension");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.domain", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.enablesearch", false);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.homepage", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.iframe", false);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2294FF454E2C484762B802329093637[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000555%22%2C%22sub_id%22%3A%22vertical[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000555%22%2C%22sub_id%22%3A%22ver[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2294FF454E2C484762B802[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_appVer.value", "84");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_lastVersion.value", "2");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_meta.value", "%7B%7D");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_nextCheck.expiration", "Fri Apr 04 2014 20:02:31 GMT+0200");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_nextCheck.value", "true");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_queue.value", "%7B%7D");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.__defualt_browser__.value", "%22ff%22");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2294FF454E[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_last_executable_request.expiration", "Sat Apr 05 2014 02:47:34 GMT+[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//filepony.de/dl-R21lci0[...]
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.lastDailyReport", "1396612950213");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.lastUpdate", "1396612951048");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.manifesturl", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.name", "MediaPlayerEnhance");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.newtab", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.opensearch", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/44150/plugins/094/ff/plugins.json");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.pluginsversion", 77);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.publisher", "Feven");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.searchstatus", 0);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.setnewtab", false);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.thankyou", "");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.updateinterval", 360);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.ver", 84);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.FilesValidatorDueTime", "1396613008203");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.apps", "44150");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.bic", "1448fb364ad9800e1fc1ea9427a060e4");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.cid", 44150);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.firstrun", false);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.hadappinstalled", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.installationdate", 1394033560);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.modetype", "production");
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.reportInstall", true);
Line deleted : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.statsDailyCounter", 44);
Line deleted : user_pref("extensions.crossrider.bic", "1448fb364ad9800e1fc1ea9427a060e4");

*************************

AdwCleaner[R0].txt - [24794 octets] - [04/04/2014 19:28:39]
AdwCleaner[S0].txt - [22158 octets] - [04/04/2014 19:29:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22219 octets] ##########

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by ***** on 04.04.2014 at 19:38:40,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2014 at 19:42:56,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ***** (administrator) on HEIKE on 04-04-2014 20:00:31
Running from C:\Users\*****\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [548864 2009-02-04] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = 
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = 
hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) 
Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WEB.DE MailCheck - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\wbjvg716.default\Extensions\toolbar@web.de.xpi [2014-03-05] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. 
KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation) S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S2 SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-04 19:59 - 2014-04-04 20:00 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-04-04 19:45 - 2014-04-04 20:00 - 00016044 _____ () C:\Users\*****\Desktop\FRST.txt 2014-04-04 19:42 - 2014-04-04 19:42 - 00000618 _____ () C:\Users\*****\Desktop\JRT.txt 2014-04-04 19:38 - 2014-04-04 19:38 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 19:36 - 2014-04-04 19:37 - 00000000 ____D () C:\Users\*****\Desktop\vorher 2014-04-04 19:36 - 2014-04-04 19:36 - 
01038974 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-04-04 19:28 - 2014-04-04 19:29 - 00000000 ____D () C:\AdwCleaner 2014-04-04 19:23 - 2014-04-04 19:23 - 01426178 _____ () C:\Users\*****\Desktop\adwcleaner.exe 2014-04-04 14:56 - 2014-04-04 14:56 - 00421880 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-04 14:47 - 2014-04-04 14:47 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-04-04 14:42 - 2014-04-04 20:00 - 00000000 ____D () C:\FRST 2014-04-04 14:40 - 2014-04-04 14:40 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-04-04 14:38 - 2014-04-04 14:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-03-21 11:00 - 2014-03-21 11:00 - 06708928 _____ (TomTom International B.V.) C:\Users\*****\Downloads\InstallMyDriveConnect.exe 2014-03-19 16:26 - 2014-03-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-19 14:57 - 2014-03-19 15:01 - 00031232 ___SH () C:\Users\*****\Downloads\Thumbs.db 2014-03-14 09:34 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-14 09:34 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-14 09:34 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-03-14 09:34 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-03-14 09:34 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-14 09:34 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-14 09:34 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-14 09:34 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 03960320 _____ 
(Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-14 09:34 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-14 09:34 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-14 09:34 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-14 09:34 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iesetup.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-14 09:34 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-14 09:34 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-14 09:34 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-14 09:34 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-03-14 09:34 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-14 09:34 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-14 09:34 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-14 09:33 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-14 09:33 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-14 09:33 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-14 09:33 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-14 09:33 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-14 09:33 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-05 11:24 - 2014-03-05 11:24 - 00000000 __SHD () C:\Recovery 2014-03-05 11:16 - 2014-03-05 11:16 - 00262144 _____ () C:\Windows\system32\config\userdiff 2014-03-05 10:58 - 2014-03-05 10:58 - 00000712 _____ () C:\Windows\DtcInstall.log 2014-03-05 10:56 - 2014-03-05 10:57 - 00001563 _____ () C:\Windows\comsetup.log 2014-03-05 10:54 - 2014-03-05 11:01 - 00520446 _____ () C:\Windows\setupact.log 2014-03-05 10:54 
- 2014-03-05 11:01 - 00032388 _____ () C:\Windows\diagwrn.xml 2014-03-05 10:54 - 2014-03-05 11:01 - 00032388 _____ () C:\Windows\diagerr.xml 2014-03-05 10:54 - 2014-03-05 10:54 - 00000000 _____ () C:\Windows\setuperr.log ==================== One Month Modified Files and Folders ======= 2014-04-04 20:00 - 2014-04-04 19:59 - 02157056 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-04-04 20:00 - 2014-04-04 19:45 - 00016044 _____ () C:\Users\*****\Desktop\FRST.txt 2014-04-04 20:00 - 2014-04-04 14:42 - 00000000 ____D () C:\FRST 2014-04-04 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-04 19:57 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-04 19:54 - 2014-02-16 00:34 - 00000000 ____D () C:\Users\*****\AppData\Local\Deployment 2014-04-04 19:50 - 2014-02-16 00:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-04 19:45 - 2014-02-15 23:26 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2839397568-1600097902-707492972-1002 2014-04-04 19:42 - 2014-04-04 19:42 - 00000618 _____ () C:\Users\*****\Desktop\JRT.txt 2014-04-04 19:38 - 2014-04-04 19:38 - 00000000 ____D () C:\Windows\ERUNT 2014-04-04 19:37 - 2014-04-04 19:36 - 00000000 ____D () C:\Users\*****\Desktop\vorher 2014-04-04 19:37 - 2013-10-09 00:48 - 00753134 _____ () C:\Windows\system32\perfh007.dat 2014-04-04 19:37 - 2013-10-09 00:48 - 00155826 _____ () C:\Windows\system32\perfc007.dat 2014-04-04 19:37 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 19:36 - 2014-04-04 19:36 - 01038974 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-04-04 19:30 - 2014-03-04 16:37 - 01325054 _____ () C:\Windows\WindowsUpdate.log 2014-04-04 19:30 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-04-04 19:29 - 2014-04-04 19:28 - 00000000 ____D () C:\AdwCleaner 2014-04-04 19:23 - 2014-04-04 19:23 - 01426178 _____ () 
C:\Users\*****\Desktop\adwcleaner.exe 2014-04-04 19:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-04-04 14:56 - 2014-04-04 14:56 - 00421880 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-04 14:56 - 2014-03-04 18:19 - 00002686 _____ () C:\Windows\PFRO.log 2014-04-04 14:56 - 2014-02-15 23:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-04 14:47 - 2014-04-04 14:47 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-04-04 14:40 - 2014-04-04 14:40 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-04-04 14:40 - 2014-02-15 23:18 - 00000000 ____D () C:\Users\***** 2014-04-04 14:38 - 2014-04-04 14:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-03-23 15:14 - 2014-02-16 00:29 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-03-21 11:00 - 2014-03-21 11:00 - 06708928 _____ (TomTom International B.V.) C:\Users\*****\Downloads\InstallMyDriveConnect.exe 2014-03-19 16:26 - 2014-03-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-19 15:01 - 2014-03-19 14:57 - 00031232 ___SH () C:\Users\*****\Downloads\Thumbs.db 2014-03-19 14:58 - 2014-02-16 00:49 - 00000000 ___RD () C:\Users\*****\Documents\Eigene Dateien alt 2014-03-19 14:32 - 2014-02-16 00:47 - 00000000 ____D () C:\Users\*****\Documents\Downloads alt 2014-03-18 12:47 - 2014-02-18 12:35 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 12:45 - 2014-02-18 12:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-18 12:45 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-03-16 11:38 - 2014-02-15 23:20 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-16 11:38 - 2014-02-15 23:20 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-03-15 20:33 - 
2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-15 20:33 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-12 08:50 - 2014-02-16 00:05 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-08 18:19 - 2014-02-15 23:19 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore 2014-03-05 11:52 - 2013-11-14 10:24 - 00000000 ___HD () C:\$Windows.~BT 2014-03-05 11:45 - 2014-02-15 23:18 - 00000000 ___RD () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-05 11:45 - 2013-10-08 15:25 - 00000000 ____D () C:\Windows\SysWOW64\sda 2014-03-05 11:45 - 2013-10-08 15:18 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-05 11:45 - 2013-10-08 15:17 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-03-05 11:45 - 2013-10-08 15:17 - 00000000 ____D () C:\Windows\system32\NV 2014-03-05 11:45 - 2013-10-08 15:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-05 11:45 - 2013-10-08 15:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-05 11:45 - 2013-10-08 14:56 - 00000000 ____D () C:\Program Files\Intel 2014-03-05 11:45 - 2013-08-02 16:59 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-03-05 11:45 - 2013-08-02 16:53 - 00000000 ____D () C:\ProgramData\PRICache 2014-03-05 11:45 - 2012-07-26 10:18 - 00000000 ____D () C:\Windows\DigitalLocker 2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 
____D () C:\Windows\system32\spool 2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\Recovery 2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\IME 2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Help 2014-03-05 11:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-03-05 11:45 - 2012-07-26 09:49 - 00000000 ____D () C:\Windows\SysWOW64\WCN 2014-03-05 11:45 - 2012-07-26 09:49 - 00000000 ____D () C:\Windows\SysWOW64\sysprep 2014-03-05 11:45 - 2012-07-26 09:49 - 00000000 ____D () C:\Windows\system32\WCN 2014-03-05 11:45 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\SysWOW64\SMI 2014-03-05 11:45 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-03-05 11:37 - 2013-10-08 15:47 - 00000000 ____D () C:\Users\Default\AppData\Local\Pokki 2014-03-05 11:37 - 2013-10-08 15:47 - 00000000 ____D () C:\Users\Default User\AppData\Local\Pokki 2014-03-05 11:24 - 2014-03-05 11:24 - 00000000 __SHD () C:\Recovery 2014-03-05 11:16 - 2014-03-05 11:16 - 00262144 _____ () C:\Windows\system32\config\userdiff 2014-03-05 11:01 - 2014-03-05 10:54 - 00520446 _____ () C:\Windows\setupact.log 2014-03-05 11:01 - 2014-03-05 10:54 - 00032388 _____ () C:\Windows\diagwrn.xml 2014-03-05 11:01 - 2014-03-05 10:54 - 00032388 _____ () C:\Windows\diagerr.xml 2014-03-05 10:58 - 2014-03-05 10:58 - 00000712 _____ () C:\Windows\DtcInstall.log 2014-03-05 10:57 - 2014-03-05 10:56 - 00001563 _____ () C:\Windows\comsetup.log 2014-03-05 10:56 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration 2014-03-05 10:54 - 2014-03-05 10:54 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-05 04:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-03-05 02:53 - 2014-02-15 23:18 - 00000000 ____D () C:\Users\*****\AppData\Local\Packages 2014-03-05 00:52 - 2014-02-18 10:17 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-05 00:52 - 
2014-02-18 10:17 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\avgnt.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-04 15:36 ==================== End Of Log ============================ --- --- --- Ich selbst konnte schon beobachten, dass mir nicht andauernd Pop-ups ins Gesicht springen und bisher auch kein neuer Tab von selbst aufgegangen ist. Diese doppelt geschriebenen und gleichzeitig verlinkten Wörter, wo eigentlich keine Links sein sollten sind auch weg |
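A small triage helper for the `SearchScopes` lines in the FRST log above, added here as an example; it is not part of the original thread and not code from FRST or Trojaner-Board. The sample lines are copied from the "Internet (Whitelisted)" section of the log; the list of search hosts that are accepted without further questions is an assumption for the demonstration. The check that matters in this log is the first one: `DefaultScope` names a GUID for which no hive defines a URL, which is the same key MBAM later reports as PUP.Optional.Qone8 and replaces. The second check goes a little beyond this log and flags any scope whose URL host is not a known search engine, which is how a hijacked search provider usually shows up.

```python
import re
from urllib.parse import urlparse

# SearchScopes lines copied from the FRST log posted above (not constructed).
SAMPLE_FRST = """\
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {8E2F353B-9A3A-40E6-A291-7876503006E6} URL =
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
"""

# One FRST SearchScopes line: hive, optional "DefaultScope" marker, GUID, URL (may be empty).
SCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+-\s+(?:(?P<default>DefaultScope)\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+URL\s*=\s*(?P<url>.*)$"
)

# Search providers a triager would normally accept as-is (assumption for this example).
KNOWN_SEARCH_HOSTS = ("bing.com", "google.com", "google.de", "yahoo.com")


def refang(url):
    """FRST writes hxxp:// so the log is not clickable; restore http:// for parsing."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def parse_search_scopes(text):
    """Return one dict per SearchScopes line; other lines are ignored."""
    scopes = []
    for line in text.splitlines():
        m = SCOPE_RE.match(line.strip())
        if m:
            scopes.append({
                "hive": m["hive"],
                "default": m["default"] is not None,
                "guid": m["guid"].upper(),
                "url": refang(m["url"]),
            })
    return scopes


def triage_search_scopes(text):
    """Findings a reviewer would want to see for the SearchScopes section."""
    scopes = parse_search_scopes(text)
    findings = []

    # GUID -> non-empty URLs defined for it in any hive.
    urls_by_guid = {}
    for s in scopes:
        if s["url"]:
            urls_by_guid.setdefault(s["guid"], set()).add(s["url"])

    for s in scopes:
        # A DefaultScope whose GUID has no URL anywhere points IE at a provider
        # that is not defined in the log, which is what this log shows.
        if s["default"] and s["guid"] not in urls_by_guid:
            findings.append(f"{s['hive']}: DefaultScope {s['guid']} has no URL in any hive")
        # A scope that resolves to an unknown host is the usual shape of a hijacked search.
        if s["url"]:
            host = urlparse(s["url"]).hostname or ""
            if not any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS):
                findings.append(f"{s['hive']}: scope {s['guid']} points at unknown host {host}")
    return findings


if __name__ == "__main__":
    for finding in triage_search_scopes(SAMPLE_FRST):
        print(finding)
```

Run against the sample lines, the only finding is the undefined `DefaultScope` GUID; the Bing and Yahoo scopes pass the host check.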
04.04.2014, 19:15 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8: Pop-up windows and tabs that open by themselves. Very good. Verification scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
04.04.2014, 21:01 | #11 |
| Windows 8: Pop-up windows and tabs that open by themselves. And the remaining logs. mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 04.04.2014 20:27:07, SYSTEM, HEIKE, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1, 
Update, 04.04.2014 20:27:30, SYSTEM, HEIKE, Manual, Malware Database, 2014.3.4.9, 2014.4.4.5, 

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2972cd45bb7eed4aa1d0d10445e7c741
# engine=17760
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-04 07:55:21
# local_time=2014-04-04 09:55:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 1736486 22418884 0 0
# scanned=163738
# found=3
# cleaned=0
# scan_time=3344
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\temp\t.msi" |
05.04.2014, 14:40 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8: Pop-up windows and tabs that open by themselves. You did MBAM wrong; repeat the scan and please do it properly.
__________________ Please always post logfiles in CODE tags |
05.04.2014, 18:09 | #13 |
| Windows 8: Pop-up windows and tabs that open by themselves. Hi cosinus, I did it again, and unlike the first time the program offered me a restart. I hope everything is correct now! Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.04.2014
Suchlauf-Zeit: 19:00:39
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.04.05.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 265866
Verstrichene Zeit: 20 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, In Quarantäne, [8977f40cdb25c33d47d3a8c3966c8f71], 
PUP.Optional.FevenPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro 1.2, Löschen bei Neustart, [8c74cc348e724fb1435c4028e220d52b], 
PUP.Optional.MediaPlayerEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerEnhance, Löschen bei Neustart, [b848af518b75c43c79bf4425d62c21df], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[41bf48b806fa25db5cc5ff1662a28a76]

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.Optional.DomalQ, C:\Users\*****\Downloads\Setup(1).exe, In Quarantäne, [c43cff019769ae526f8545acf211d927], 
PUP.Optional.DomalQ, C:\Users\*****\Downloads\Setup(2).exe, In Quarantäne, [738d936d87793bc5559f1ad710f3d030], 
PUP.Optional.Awesomehp.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\awesomehp.xml, In Quarantäne, [946c629eb947946c896c6406e51da35d], 

Physische Sektoren: 0
(No malicious items detected)

(end) |
06.04.2014, 12:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 8: Pop-up windows and tabs that open by themselves. Only adware remnants. TFC - Temp File Cleaner: download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
Looks OK so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - sensibly, you should check at MVPS every 4 weeks whether a new Hosts file has been released. To prevent user tracking, the Firefox extension Ghostery works well. Info: cookies are not malware as such, but there is a risk of abuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are good cookie managers, extensions for Firefox, e.g. CookieCuller. If you can live with logging in again everywhere at every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system now OK again, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
06.04.2014, 17:03 | #15 |
| Windows 8: Pop-up windows and tabs that open by themselves. Everything runs like clockwork again. No pop-ups, self-opening tabs or the like! I owe you a thousand thanks! I'm thrilled and will definitely recommend Trojaner-Board. Should I now uninstall any of the programs or do anything else? Or can I, for example, also just run Malwarebytes Anti-Malware now and then for safety's sake? Warmest regards from the now once again overjoyed Ma-iiii |