|
Plagegeister aller Art und deren Bekämpfung: Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wirdWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.07.2014, 17:45 | #1 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Wie im Titel schon erwähnt, öffnet Firefox derzeit ständig eigenmächtig Fenster/Tabs - auch wenn ich in dem Moment Firefox gar nicht nutzen möchte. (zB wenn ich über ein Spieleclient online gehe) Bevor wir loslegen, muss ich noch erwähnen, das ich kaum bis keine Ahnung habe und genaue Anleitungen brauche um Folgen zu können. Wie ich an die ersten Logfiles komme, hab ich mich erstmal hier durchgelesen und hoffe habe alles richtig gemacht für meinen ersten Versuch dabei. Solltet ich doch was vergessen haben - werd ich natürlich versuchen diese Nachzureichen^^ defogger_disable Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:44 on 19/07/2014 (Lola) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014 Ran by Lola (administrator) on STUBE on 19-07-2014 17:48:13 Running from C:\Users\Lola\Desktop Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe (AMD) C:\Windows\System32\atieclxx.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe () C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1404736 2014-06-16] (Spigot, Inc.) HKLM-x32\...\Run: [fst_de_86] => [X] HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [framei] => C:\Users\Lola\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] () HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [nvcmd] => C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [cntcmd] => C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) BootExecute: RegistryDefragBootTime.exeautocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE64.dll (Spigot, Inc.) URLSearchHook: HKCU - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO-x32: IObit Apps Toolbar -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock) BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files (x86)\Flowsurf\FlowSurf.dll (FlowSurf Inc.) Toolbar: HKLM - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE64.dll (Spigot, Inc.) Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.4\iobitappsToolbarIE.dll (Spigot, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.repage.de/member/paladine FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll (LLC Mail.Ru) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07] FF Extension: Fast Start - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\faststartff@gmail.com [2014-07-14] FF Extension: Start Page - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} [2014-06-17] FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19] FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18] FF HKLM-x32\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack FF Extension: FlowSurf - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\extensions\faststartff@gmail.com FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 Chrome: ======= CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: webssearches CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll (LLC Mail.Ru) CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23] CHR Extension: (FlowSurf) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Lola\AppData\Local\Slick Savings\coupons.crx [2014-07-14] ==================== Services (Whitelisted) ================= R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit) R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com) S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit) R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit) R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X] S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-19 17:48 - 2014-07-19 17:48 - 00022616 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-19 17:47 - 2014-07-19 17:48 - 00000000 ____D () C:\FRST 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-15 12:18 - 2014-07-15 12:18 - 00000000 ____D () C:\Program Files (x86)\predm 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-14 21:38 - 2014-07-14 21:38 - 00000000 ____D () C:\Users\Lola\AppData\Local\ContextFree 2014-07-14 21:36 - 2014-07-15 12:21 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\InetStat 2014-07-14 21:36 - 2014-07-14 21:36 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-07-14 21:34 - 2014-07-15 09:38 - 00000002 _____ () C:\END 2014-07-14 21:34 - 2014-07-15 09:38 - 00000000 ____D () C:\Program Files (x86)\Flowsurf 2014-07-14 21:34 - 2014-07-14 21:34 - 00003082 _____ () C:\WINDOWS\System32\Tasks\fsupdate 2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar 2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\Application Updater 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-07-19 09:52 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini ==================== One Month Modified Files and Folders ======= 2014-07-19 17:48 - 2014-07-19 17:48 - 00022616 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-19 17:48 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:44 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola 2014-07-19 17:43 - 2014-06-09 18:15 - 01755225 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:36 - 2014-01-17 23:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt 2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-07-19 17:20 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job 2014-07-19 17:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-19 17:13 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job 2014-07-19 17:07 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-19 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job 2014-07-19 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-07-19 09:52 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-19 09:52 - 2014-01-28 00:31 - 00000000 ___DO () C:\Users\Lola\SkyDrive 2014-07-19 03:13 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7} 2014-07-15 12:23 - 2014-06-17 10:13 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Slick Savings 2014-07-15 12:23 - 2014-06-17 10:13 - 00000000 ____D () C:\Users\Lola\AppData\Local\Slick Savings 2014-07-15 12:21 - 2014-07-14 21:36 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\InetStat 2014-07-15 12:18 - 2014-07-15 12:18 - 00000000 ____D () C:\Program Files (x86)\predm 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-15 09:42 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-15 09:42 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-15 09:42 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-15 09:38 - 2014-07-14 21:34 - 00000002 _____ () C:\END 2014-07-15 09:38 - 2014-07-14 21:34 - 00000000 ____D () C:\Program Files (x86)\Flowsurf 2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml 2014-07-15 09:37 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365 2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-15 09:36 - 2014-06-09 05:51 - 73138176 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak 2014-07-15 09:36 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak 2014-07-15 09:36 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak 2014-07-15 09:36 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2014-07-15 09:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-15 06:23 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-14 21:38 - 2014-07-14 21:38 - 00000000 ____D () C:\Users\Lola\AppData\Local\ContextFree 2014-07-14 21:36 - 2014-07-14 21:36 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-07-14 21:35 - 2014-01-28 00:25 - 00001688 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-14 21:35 - 2014-01-17 23:25 - 00001385 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-14 21:34 - 2014-07-14 21:34 - 00003082 _____ () C:\WINDOWS\System32\Tasks\fsupdate 2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe 2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar 2014-07-01 11:51 - 2014-07-01 11:51 - 00000000 ____D () C:\Program Files (x86)\Application Updater 2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client 2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini 2014-06-19 10:15 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\IObit 2014-06-19 03:39 - 2014-07-09 05:54 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-19 02:48 - 2014-07-09 05:53 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-19 02:16 - 2014-07-09 05:54 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-19 02:09 - 2014-07-09 05:53 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-19 01:51 - 2014-07-09 05:54 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 05:53 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 05:53 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-19 01:46 - 2014-07-09 05:54 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-06-19 01:39 - 2014-07-09 05:53 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-19 01:33 - 2014-07-09 05:53 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 05:53 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-19 01:27 - 2014-07-09 05:53 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-19 01:12 - 2014-07-09 05:53 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-19 00:59 - 2014-07-09 05:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 05:53 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 05:53 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-19 00:57 - 2014-07-09 05:54 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-06-19 00:52 - 2014-07-09 05:53 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 05:54 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 05:53 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-19 00:45 - 2014-07-09 05:53 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 05:53 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 05:53 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 05:53 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 05:53 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 05:53 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 05:53 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll Files to move or delete: ==================== C:\ProgramData\uninstall265917.exe Some content of TEMP: ==================== C:\Users\Freya\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe C:\Users\Thomas\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 14:57 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014 Ran by Lola at 2014-07-19 17:50:16 Running from C:\Users\Lola\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{6F33B065-4478-44EE-8E5F-A40BBD61619F}) (Version: 20.2.45.72438 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.2.45.72438 - Alcor Micro Corp.) Hidden AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{E3AB2F4D-B540-437B-4E4F-3A3C344C3B2A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Center@Mail.Ru - EU (HKCU\...\GameCenterMailRu-EU) (Version: 2.320 - LLC Mail.Ru) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2012 - Acer Incorporated) ContextFree (HKCU\...\ContextFree) (Version: - ) Dark Mysteries: Der Seelensammler Sammleredition (HKLM-x32\...\Dark Mysteries: Der Seelensammler Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\Dark Strokes: Die Sünden der Väter Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Der Fluch der Werwölfe Sammleredition (HKLM-x32\...\Der Fluch der Werwölfe Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition (HKLM-x32\...\Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Die 4 Elemente (HKLM-x32\...\Die 4 Elemente) (Version: 0.0.0.0 - INTENIUM GmbH) Die 4 Elemente II Sammleredition (HKLM-x32\...\Die 4 Elemente II Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit) Elementals: Der Magische Schlüssel (HKLM-x32\...\Elementals: Der Magische Schlüssel) (Version: 1.0.0.0 - INTENIUM GmbH) Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Haunted Past: Im Reich der Geister Sammleredition (HKLM-x32\...\Haunted Past: Im Reich der Geister Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition (HKLM-x32\...\Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Haus der 1000 Türen Sammleredition (HKLM-x32\...\Haus der 1000 Türen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3005 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Acer Incorporated) IObit Apps Toolbar v9.4 (HKLM-x32\...\{5FACD482-8CE2-41D5-B05F-9EE67D21ECE7}) (Version: 9.4 - Spigot, Inc.) <==== ATTENTION IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Legend - Legacy Of The Dragons (HKCU\...\Legend - Legacy Of The Dragons (DE)) (Version: 1.9 - Mail.Ru Games GmbH) LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics) LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Acer Incorporated) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6859 - Realtek Semiconductor Corp.) Sacra Terra 2: Der Kuss des Todes Sammleredition (HKLM-x32\...\Sacra Terra 2: Der Kuss des Todes Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Sacra Terra: Nacht der Engel Sammleredition (HKLM-x32\...\Sacra Terra: Nacht der Engel Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit) Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit) Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Voodoo Chroniken: Erstes Zeichen Sammleredition (HKLM-x32\...\Voodoo Chroniken: Erstes Zeichen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Wise Care 365 2.99 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.99 - WiseCleaner.com, Inc.) ==================== Restore Points ========================= 30-06-2014 10:21:00 Geplanter Prüfpunkt 08-07-2014 01:37:08 Geplanter Prüfpunkt 11-07-2014 07:11:54 Windows Modules Installer 18-07-2014 12:27:43 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03788E86-B7B8-4E63-B551-3C2AD247CFF7} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0622BD4E-1624-4D7D-BBF1-12695E6745F6} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-02-27] (Acer Incorporated) Task: {07771D45-0369-49C2-8A17-1F224FB67EC9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2611022401-1185657083-2724232758-1001 Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {29A36733-D1DF-43DB-9141-740D150877D1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2F947BC4-4262-4BBF-A78F-003E94166000} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {355BFE34-8469-49CC-8BFE-10C6BA036237} - \The weDownload Manager-enabler No Task File <==== ATTENTION Task: {396993F1-06F6-4B62-8230-4524A7805DE7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {41EB21E1-55BF-49E7-AACB-53FA3FC10FA2} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit) Task: {420853CD-78F8-4573-9AF9-0D2A2D43AFFD} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4C23CDEF-B252-426C-879E-1AB0BDCEFD0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation) Task: {56CAB56C-29F8-49A4-9FBF-356CE766BA30} - System32\Tasks\fsupdate => C:\Program Files (x86)\Flowsurf\fsupd.exe [2014-04-15] () Task: {5BD0C2C6-2F41-4ECA-A795-35F9FFFF3BEE} - System32\Tasks\RunAsStdUser_GameCenterMailRu-EU => C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\gamecenter@mail.ru.exe [2014-06-11] () Task: {5FA885F4-7F52-4F6C-8135-60DAC70882C5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {63D499B3-DCC5-4C9A-A5B7-B77097D5EF33} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION Task: {659AB603-985B-4C8E-8316-91C7E40A4024} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM) Task: {667938BF-64DB-47F6-B61D-555C33829F76} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit) Task: {679929BC-487F-4EEB-A1C2-86B1B45E9135} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-06-13] () Task: {694A34E4-F5AC-4818-85F4-10DEFB91478C} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION Task: {694AEFB2-C1B3-40CE-B1D8-E67D97FA6348} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-05-09] (IObit) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {744877A2-28E3-435A-9CE9-F70A68FBA20D} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7AFFDBD5-D60B-4A99-8B48-239CEA06206E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {82289AA5-EA75-4D97-B43B-D731687B4F30} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-07] (IObit) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8C197F2F-7907-4B64-A1D3-20D2AA22695B} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION Task: {8C85203C-0983-4E97-A28F-9134C25861C2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93BE7CD1-ECFD-4235-9350-09EF10809A57} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {9CB31A68-86B3-4E17-BF5C-57B535DF3F3B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {C1317186-1346-44AB-92EA-C5635A789E8C} - System32\Tasks\ASC7_SkipUac_Lola => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-28] (IObit) Task: {C53E619E-1F73-4BD8-8D8E-F263A59F2C3D} - \The weDownload Manager-updater No Task File <==== ATTENTION Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E26439DF-BDA4-4A64-811C-3BC9826F45AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {E2C41E52-73D6-45BE-AA6A-84316EF4DA4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {E5766170-AD65-476C-9283-F466803F357C} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EB85D3CB-FCE5-40BB-B285-CEB018C61702} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit) Task: {FB46942C-D91E-4919-80C5-158CD0AE790F} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-02-22] () Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-23 12:28 - 2014-05-23 12:28 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-07-01 14:26 - 2014-07-01 14:26 - 00596480 _____ () C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe 2013-12-05 14:35 - 2013-02-20 23:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2014-06-07 15:12 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll 2014-07-15 12:17 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl 2014-07-15 12:17 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl 2014-07-15 12:17 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl 2014-06-07 16:12 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll 2014-06-07 15:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl 2014-06-07 15:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl 2014-06-07 15:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl 2014-06-07 15:12 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll 2014-06-17 10:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl 2014-06-17 10:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl 2014-06-17 10:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl 2014-06-17 10:12 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll 2014-06-17 10:12 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll 2014-06-17 10:12 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll 2014-06-17 10:12 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll 2014-06-07 15:12 - 2013-12-02 19:06 - 01281312 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\Scan.dll 2014-07-15 12:17 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Freya\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Lola\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Thomas\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: GameCenterMailRu-EU => "c:\users\lola\appdata\local\mail.ru\gamecenter-eu\gamecenter@mail.ru.exe" -autostart ==================== Faulty Device Manager Devices ============= Name: CIF Single Chip Description: CIF Single Chip Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2014 05:31:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/19/2014 05:31:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/19/2014 05:31:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17039, Zeitstempel: 0x53156588 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000005280fd8 ID des fehlerhaften Prozesses: 0x1084 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5 Error: (07/19/2014 05:26:12 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/19/2014 00:55:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/19/2014 10:03:08 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/19/2014 07:51:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/18/2014 03:36:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/18/2014 02:57:32 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/18/2014 09:42:21 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. System errors: ============= Error: (07/19/2014 09:54:55 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/19/2014 07:42:41 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/18/2014 10:17:43 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/18/2014 08:56:35 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/18/2014 02:25:57 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/18/2014 10:16:31 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/18/2014 00:21:32 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/17/2014 08:39:10 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/17/2014 04:56:48 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/17/2014 09:44:04 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Microsoft Office Sessions: ========================= Error: (07/19/2014 05:31:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/19/2014 05:31:23 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/19/2014 05:31:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.3.9600.1703953156588unknown0.0.0.000000000c00000050000000005280fd8108401cfa3264d65d5cfC:\WINDOWS\Explorer.EXEunknownbaef9508-0f59-11e4-bebf-f80f41a03396 Error: (07/19/2014 05:26:12 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/19/2014 00:55:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/19/2014 10:03:08 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/19/2014 07:51:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/18/2014 03:36:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/18/2014 02:57:32 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/18/2014 09:42:21 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe ==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 7613.49 MB Available physical RAM: 5615.26 MB Total Pagefile: 8829.49 MB Available Pagefile: 5843.15 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:455.25 GB) (Free:385.11 GB) NTFS Drive d: (DATA) (Fixed) (Total:456.11 GB) (Free:454.92 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 651131BF) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-19 18:13:01 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000026 WDC_WD10EZEX-22RKKA0 rev.80.00A80 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Lola\AppData\Local\Temp\kgldypog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000199600 15 bytes [00, F8, 09, 02, 80, 32, 72, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000199610 11 bytes [00, BC, FB, FF, 00, 77, B2, ...] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\atiesrxx.exe[988] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\atieclxx.exe[540] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\system32\taskhostex.exe[1972] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\WINDOWS\Explorer.EXE[2080] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe[2352] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3380] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[3916] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1dd2169a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff1dd216a2 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1dd2181a 4 bytes [D2, 1D, FF, 7F] .text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[1244] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff1dd21832 4 bytes [D2, 1D, FF, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [536:572] fffff96000897b90 Thread C:\WINDOWS\system32\svchost.exe [272:2320] 00007fff0b336cb4 Thread C:\WINDOWS\system32\svchost.exe [272:2632] 00007fff169f5340 Thread C:\WINDOWS\system32\svchost.exe [1280:3144] 00007fff0e974608 Thread C:\WINDOWS\system32\svchost.exe [1280:3148] 00007fff0eb31584 Thread C:\WINDOWS\system32\svchost.exe [1280:3160] 00007fff0e8e1b40 Thread C:\Windows\System32\SettingSyncHost.exe [2440:2448] 00007fff15fd4b30 ---- Processes - GMER 2.1 ---- Process C:\Users\Lola\AppData\Local\ContextFree\framei.exe (*** suspicious ***) @ C:\Users\Lola\AppData\Local\ContextFree\framei.exe [3524](2014-07-01 12:26:50) 0000000000400000 Process C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe (*** suspicious ***) @ C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [3568](2 0000000000400000 Process C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe (*** suspicious ***) @ C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [3604](2014-07-01 12:26:52) 0000000000400000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
ATTFilter Exportierte Ereignisse: 14.07.2014 21:36 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.ALJT.1' [adware] gefunden. Ausgeführte Aktion: Übergeben an Scanner |
19.07.2014, 18:21 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wirdMein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [framei] => C:\Users\Lola\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] () HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [nvcmd] => C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [cntcmd] => C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] () C:\Users\Lola\AppData\Local\ContextFree\ Reboot:
Der PC startet neu! Schritt 2
Schritt 3 Bitte deinstalliere folgende Programme: IObit Apps Toolbar v9.4 Versuche es bei Windows 8 mit der Windowstaste + X über . Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop.
Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter. Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus: Schritt 4 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 5 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs.
__________________ |
19.07.2014, 20:20 | #3 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Hallo Jürgen und ja, mit so einer guten Beschreibung, da schaff ich es sogar eins nach dem anderen ab zu arbeiten^^
__________________Hoffe ich hab nix vergessen Schritt 1: Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014 Ran by Lola at 2014-07-19 20:41:45 Run:1 Running from C:\Users\Lola\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [framei] => C:\Users\Lola\AppData\Local\ContextFree\framei.exe [567808 2014-07-01] () HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [nvcmd] => C:\Users\Lola\AppData\Local\ContextFree\nvcmd.exe [596480 2014-07-01] () HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [cntcmd] => C:\Users\Lola\AppData\Local\ContextFree\cntcmd.exe [596480 2014-07-01] () C:\Users\Lola\AppData\Local\ContextFree\ Reboot: ***************** HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\Software\Microsoft\Windows\CurrentVersion\Run\\framei => value deleted successfully. HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\Software\Microsoft\Windows\CurrentVersion\Run\\nvcmd => value deleted successfully. HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cntcmd => value deleted successfully. C:\Users\Lola\AppData\Local\ContextFree => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== Quarantine.zip hochgeladen - mit Link hier zum Thema + Lady Frigg Schritt 3: IObit Apps Toolbar v9.4 dürfte deinstalliert sein - zumindest finde ich davon nix mehr Schritt 4: AdwCleaner Code:
ATTFilter # AdwCleaner v3.216 - Bericht erstellt am 19/07/2014 um 21:00:20 # Aktualisiert 17/07/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Lola - STUBE # Gestartet von : C:\Users\Lola\Desktop\adwcleaner_3.216.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\IObit\Driver Booster Ordner Gelöscht : C:\Program Files (x86)\Flowsurf Ordner Gelöscht : C:\Program Files (x86)\IObit\Driver Booster Ordner Gelöscht : C:\Program Files (x86)\predm Ordner Gelöscht : C:\Program Files (x86)\SupTab Ordner Gelöscht : C:\Users\Freya\AppData\Local\Mail.Ru Ordner Gelöscht : C:\Users\Freya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru Ordner Gelöscht : C:\Users\Lola\AppData\Local\Mail.Ru Ordner Gelöscht : C:\Users\Lola\AppData\Local\Slick Savings Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\InetStat Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\IObit\Driver Booster Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\quickclick Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Slick Savings Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} Ordner Gelöscht : C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\faststartff@gmail.com Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com Datei Gelöscht : C:\END Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk Datei Gelöscht : C:\Users\Lola\daemonprocess.txt Datei Gelöscht : C:\Users\Thomas\daemonprocess.txt Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml Datei Gelöscht : C:\WINDOWS\System32\Tasks\Driver Booster Scan Datei Gelöscht : C:\WINDOWS\System32\Tasks\Driver Booster Update Datei Gelöscht : C:\WINDOWS\System32\Tasks\fsupdate ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Lola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\TutoTag Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\FrEeSoFtOdAy Schlüssel Gelöscht : HKLM\Software\SupDp Schlüssel Gelöscht : HKLM\Software\SupTab Schlüssel Gelöscht : HKLM\Software\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\Software\Tutorials Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17126 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v30.0 (de) [ Datei : C:\Users\Freya\AppData\Roaming\Mozilla\Firefox\Profiles\1a52243f.default\prefs.js ] [ Datei : C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\prefs.js ] [ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\prefs.js ] -\\ Google Chrome v36.0.1985.125 [ Datei : C:\Users\Freya\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh [ Datei : C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Homepage] : hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 Gelöscht [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp [ Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [38968 octets] - [20/02/2014 21:14:15] AdwCleaner[R1].txt - [1365 octets] - [20/02/2014 22:39:31] AdwCleaner[R2].txt - [11505 octets] - [19/07/2014 20:59:26] AdwCleaner[S0].txt - [35826 octets] - [20/02/2014 21:17:27] AdwCleaner[S1].txt - [1428 octets] - [20/02/2014 22:41:15] AdwCleaner[S2].txt - [8794 octets] - [19/07/2014 21:00:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8854 octets] ########## FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014 Ran by Lola (administrator) on STUBE on 19-07-2014 21:08:49 Running from C:\Users\Lola\Desktop Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [fst_de_86] => [X] HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock) BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.repage.de/member/paladine FF DefaultSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07] FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19] FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18] FF HKLM-x32\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: webssearches CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23] CHR Extension: (FlowSurf) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn [2014-07-14] ==================== Services (Whitelisted) ================= R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit) R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com) S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit) S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit) S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X] S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-19 21:08 - 2014-07-19 21:08 - 00015514 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt 2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-19 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe 2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt 2014-07-19 18:03 - 2014-07-19 21:02 - 00006360 _____ () C:\WINDOWS\PFRO.log 2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag 2014-07-19 17:47 - 2014-07-19 21:08 - 00000000 ____D () C:\FRST 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-07-19 21:03 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini ==================== One Month Modified Files and Folders ======= 2014-07-19 21:09 - 2014-07-19 21:08 - 00015514 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-19 21:08 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST 2014-07-19 21:08 - 2014-01-17 23:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001 2014-07-19 21:07 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-19 21:07 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-19 21:07 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-19 21:07 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt 2014-07-19 21:04 - 2014-06-09 18:15 - 01889916 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-19 21:04 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7} 2014-07-19 21:03 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-19 21:03 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365 2014-07-19 21:03 - 2014-01-28 00:31 - 00000000 __RDO () C:\Users\Lola\SkyDrive 2014-07-19 21:02 - 2014-07-19 18:03 - 00006360 _____ () C:\WINDOWS\PFRO.log 2014-07-19 21:02 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-19 21:01 - 2014-02-20 21:13 - 00000000 ____D () C:\AdwCleaner 2014-07-19 21:01 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-19 21:00 - 2014-02-09 22:56 - 00000000 ____D () C:\Users\Thomas 2014-07-19 21:00 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola 2014-07-19 21:00 - 2014-01-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-19 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe 2014-07-19 20:54 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job 2014-07-19 20:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt 2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag 2014-07-19 18:03 - 2014-06-09 05:51 - 73416704 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2014-07-19 18:01 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt 2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job 2014-07-19 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml 2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-14 16:17 - 2014-07-14 16:17 - 00339680 _____ () C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe 2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client 2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-19 10:16 - 2014-06-19 10:16 - 00000024 _____ () C:\Users\Lola\AppData\Roaming\temp.ini 2014-06-19 10:15 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\IObit 2014-06-19 03:39 - 2014-07-09 05:54 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-19 02:48 - 2014-07-09 05:53 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-19 02:16 - 2014-07-09 05:54 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-19 02:09 - 2014-07-09 05:53 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-19 01:51 - 2014-07-09 05:54 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 05:53 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 05:53 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-19 01:46 - 2014-07-09 05:54 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-06-19 01:39 - 2014-07-09 05:53 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-19 01:33 - 2014-07-09 05:53 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 05:53 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-19 01:27 - 2014-07-09 05:53 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-19 01:12 - 2014-07-09 05:53 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-19 00:59 - 2014-07-09 05:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 05:53 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 05:53 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-19 00:57 - 2014-07-09 05:54 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-06-19 00:52 - 2014-07-09 05:53 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 05:54 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 05:53 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-19 00:45 - 2014-07-09 05:53 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 05:53 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 05:53 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 05:53 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 05:53 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 05:53 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 05:53 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll Files to move or delete: ==================== C:\ProgramData\uninstall265917.exe Some content of TEMP: ==================== C:\Users\Freya\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\Quarantine.exe C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe C:\Users\Thomas\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 14:57 ==================== End Of Log ============================ |
19.07.2014, 20:29 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Prima machst Du das... Schritt 1 Malwarebytes Antimalware
Schritt 2 ESET Online Scanner
Schritt 3 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden. Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.07.2014, 00:07 | #5 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird *puh* das artet ja richtig in Arbeit aus aber hab mich tapfer durchgekämpft^^ Dazu kann ich berichten - nach den ersten Anweisungen gab es keine selbstständige Tabs von Firefox mehr. Schritt 1: MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.07.2014 Suchlauf-Zeit: 21:43:59 Logdatei: Protokoll.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.19.07 Rootkit Datenbank: v2014.07.17.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Lola Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 412924 Verstrichene Zeit: 28 Min, 20 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 16 PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A8018C54-B702-4D52-9ACC-8CA78911E633}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C6A846C5-D67F-48B4-8552-C22354E56966}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C321541F-B22D-4593-AC1A-9634812A4E40}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CA2A4DE-483E-456B-8634-6445460D7097}, Löschen bei Neustart, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [445d960a1f5c63d32a8fb4a555ad8b75], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [a100910f572469cdd9fdbc9a1be7f907], PUP.Optional.weDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, Löschen bei Neustart, [4958940c6b103cfa9f8703db28daba46], PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, Löschen bei Neustart, [9a078f11ec8ff83e7e6c70aacf35768a], PUP.Optional.FlowSurf.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, Löschen bei Neustart, [b8e927799fdc64d28862a67415ef936d], PUP.Optional.Qone8, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [28799d03c5b639fd876e34d732d26799], PUP.Optional.CrossRider.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Löschen bei Neustart, [6c358f11ea91ef47a3fe0c08b94b5ea2], PUP.Optional.weDownload.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, Löschen bei Neustart, [079af3ad611a61d5ac7af0ee966cac54], Registrierungswerte: 5 PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_de_86, In Quarantäne, [5051920ea3d8e84eb629a630877be020], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|jid1-tofUlNEIFlkUIA@jetpack, C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack, In Quarantäne, [524f9e02ed8e6fc70ce67863fc068c74] PUP.Optional.FlowSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, Löschen bei Neustart, [9a078f11ec8ff83e7e6c70aacf35768a] PUP.Optional.FlowSurf.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, Löschen bei Neustart, [b8e927799fdc64d28862a67415ef936d] PUP.Optional.FastStart.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [633edec2bdbecc6a7a28586dc63cf808] Registrierungsdaten: 2 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e7babfe1f8833501a5c3b9f012f29967] PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027),Löschen bei Neustart,[ccd55e42a6d5360055e59609f31106fa] Ordner: 12 PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode, In Quarantäne, [3f62633d611aa591547ea9fcb151c040], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\icons, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\includes, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\kango, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\OGLKILJDMFLOPEMIJDADOIEPKHCAODJN\1.5.28_0\kango-ui, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\GPIIFGMGNFDIBLGPAEPBMFDKCHEICGOF, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0, In Quarantäne, [465bd1cfb6c5d95dc3e17a3dba4855ab], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0, In Quarantäne, [c3deabf57a01c76ff7ad4d6ad230e31d], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], Dateien: 67 PUP.Optional.WPM.A, C:\Users\Lola\AppData\Local\Temp\303331578\303331578.zipDir\tmp\wpm_v20.0.0.502.exe, In Quarantäne, [168b217f53282c0a63e9177a90710ff1], PUP.Optional.Amonetize, C:\Users\Lola\Downloads\FlashPlayersetup__7343_i1040439988_il23.exe, In Quarantäne, [554cedb3ff7c8da925f92773dc257789], PUP.Optional.BundleInstaller.A, C:\Users\Lola\Downloads\openoffice setup.exe, In Quarantäne, [fca57c246615c4725136ef5144bdb050], PUP.Optional.BundleInstaller.A, C:\Users\Thomas\Downloads\Setup.exe, In Quarantäne, [950c4c546b1060d65c7dc2b260a413ed], PUP.Optional.WebSearchs.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_ISTART.WEBSSEARCHES.COM_0.LOCALSTORAGE, In Quarantäne, [8a17f3adb4c7ee485ce514ae996928d8], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0.localstorage, In Quarantäne, [435eb2eeec8f56e06a9fac207b87e719], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0.localstorage, In Quarantäne, [633e49579fdcc96d9871ab21b74bdf21], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0.localstorage-journal, In Quarantäne, [9908b5ebd3a82e0867a28e3e20e2857b], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\background.html, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json.bak, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf-drop.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf.css, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\jquery-1.7.2.min.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js.bak, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\manifest.json, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\readme.txt, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\button.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon100.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon128.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon16.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon256.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon32.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon48.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon64.png, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_init.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_kango.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\invoke_async_module.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\message_target_module.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\userscript_client.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\backgroundscript_engine.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\browser.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\console.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\i18n.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\initialize.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\io.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\kango.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\lang.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\messaging.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\storage.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\userscript_engine.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\xhr.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\browser_button.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\kango_api.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\options.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\remote_popup_host.html, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.FlowSurf.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\ui.js, In Quarantäne, [673aa6facead2e083de71893a0622ad6], PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\000003.log, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\CURRENT, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\LOCK, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\LOG, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], PUP.Optional.Spigot.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpiifgmgnfdiblgpaepbmfdkcheicgof\MANIFEST-000002, In Quarantäne, [7a27b8e8512a62d4fdb64274966cd32d], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0\1, In Quarantäne, [465bd1cfb6c5d95dc3e17a3dba4855ab], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ecoccdldklbjglocbgbfpmpehjegkode_0\1, In Quarantäne, [c3deabf57a01c76ff7ad4d6ad230e31d], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\000005.ldb, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\000006.log, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\CURRENT, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOCK, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOG, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOG.old, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\MANIFEST-000004, In Quarantäne, [8a171d83b1cafa3c4c595b5cdf23c937], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\000003.log, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\CURRENT, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOCK, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\LOG, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], PUP.Optional.CrossRider.A, C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecoccdldklbjglocbgbfpmpehjegkode\MANIFEST-000002, In Quarantäne, [b2ef8a1603782511d7ce7b3c19e9f50b], Physische Sektoren: 0 (No malicious items detected) (end) ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=30419cf1aa7f75448c4ab68baa063358 # engine=19256 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-19 08:40:35 # local_time=2014-07-19 10:40:35 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 9580 12481171 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 4766334 14128756 0 0 # scanned=91 # found=0 # cleaned=0 # scan_time=20 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=30419cf1aa7f75448c4ab68baa063358 # engine=19256 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-19 10:21:15 # local_time=2014-07-20 12:21:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 15620 12487211 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 4772374 14134796 0 0 # scanned=225237 # found=100 # cleaned=0 # scan_time=5966 sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir" sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir" sh=5B316DFC64B10EF482340274CA23463B41FA06D7 ft=1 fh=65889e0c5d5dba37 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir" sh=3C4070BE9BE256CA88CD3B993CFBE4DEF47E67E1 ft=1 fh=83a1f0e292f9ec84 vn="Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe_1390855317907.vir" sh=8D431618E9030709F4F92F93482A042D2D0B70FA ft=1 fh=f9c5079134e88344 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir" sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=8676e6337a543f91 vn="Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390855309140.vir" sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=8676e6337a543f91 vn="Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1390855309390.vir" sh=C8F8049916B0E5C1953670DB20F04E87791681F2 ft=1 fh=5f5f86e71335fd15 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391012880405.vir" sh=C8F8049916B0E5C1953670DB20F04E87791681F2 ft=1 fh=5f5f86e71335fd15 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391012881015.vir" sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=2e9dc85ff81fe5c7 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPtool.dll_1391443718514.vir" sh=5FF1DB4E5E08B0718AF684AB591F51C4289B9145 ft=1 fh=59283cd49474610a vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir" sh=33E077621D027F3A6C83972DBD1B0C7F899C1B4E ft=1 fh=3081b00e12e38191 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir" sh=F697E03ADDEBA7FFAEB6F58DF392181B7124603D ft=1 fh=63d6f81f206b87ab vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir" sh=CF86EC53BF89452D78E9232D0A650ED0D6DDFBF8 ft=1 fh=f9b15bfcf851b7f7 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir" sh=D472287B4D2DE014565DAA5FE33CE7A8D8467BEF ft=1 fh=be2a50d35d915b95 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir" sh=A90FEB7960611E1959F335750997B5D1F96705CF ft=1 fh=cb70b3974a3698d7 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir" sh=3E71F188279BEBB9F9197E61CCB7D29619A56207 ft=1 fh=03c4fc387191019c vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir" sh=6F1A5ECDFB7EEC7C358BEFB0FB3D77CD7F21310D ft=1 fh=63510bae0f8b92a7 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir" sh=1DBF1556C82A78CA45882E66DD83C0A977BF8D23 ft=1 fh=328989ef9803066c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=C5883F4245AE2C0515FB1D04A08FD82885B06398 ft=1 fh=8d649859311d4519 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=EA186A56E0445AF8E5F382F56F42F91682CFED3B ft=1 fh=875c743a5b727b00 vn="Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir" sh=9E90A050EB0BB1CEAB5633BCE404E5D5BC307647 ft=1 fh=2563181150dc44ea vn="Win32/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=16CF5D6E11C0F55548A67B8B5D04FA3460C76A2D ft=1 fh=7418003a088e68c3 vn="Win64/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=C03584BE4ED7835858158D1C38D6B08317E2FC82 ft=1 fh=a96a1125b953bd6a vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir" sh=67642DACDC22ED45AF7947E4F47B1B8463E4162C ft=1 fh=b08cc40f36e9035a vn="Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir" sh=9042385F0336C5429FCD45FC347CC29A9BC06BB0 ft=1 fh=a7a426d7c77c80fb vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=9A4653CEB22C589149D70AF965E4C1586F6CA52A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\49074.crx.vir" sh=3678253E7BCECF44D37889E6E706BCAF51847CCB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\49074.xpi.vir" sh=54B26BB83094675DB6A0AC2FAFA7C91FC8942F4E ft=1 fh=3a4703d3f9f9f5f4 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bg.exe.vir" sh=388F890CAEB292E51E95F1B708E310BC5A371BC4 ft=1 fh=c71c00111a7e76d1 vn="Win32/Toolbar.CrossRider.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll.vir" sh=90416AFC1C2546408118F8A2EE861437FD0675D7 ft=1 fh=e973c85d0c631798 vn="Variante von Win64/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll.vir" sh=8A35852528873F841CFB43295889BDC024C7A28F ft=1 fh=3d74ec29744d8344 vn="Variante von Win32/Toolbar.CrossRider.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil.exe.vir" sh=C9F775295CC651D4E6EA9AB1194D7DEF88A9C705 ft=1 fh=c71c00113096d58d vn="möglicherweise Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil64.dll.vir" sh=FDBCF2A8097E80DD8C0E4A47167CA51D311427F9 ft=1 fh=3d74ec299e67ffa8 vn="Variante von Win64/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil64.exe.vir" sh=A619A66DFB30811DD65994FBE427DDD26DE5EDA2 ft=1 fh=1a8d23ed7c65c977 vn="Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe.vir" sh=3CF294A4B897845053A30E8E6C7AF418ECD05017 ft=1 fh=e3207db2f2123b3d vn="Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe.vir" sh=2ED35EA232A7A5B52E5A986C6BB2909B8CA52415 ft=1 fh=17f8ae824c93a525 vn="Variante von Win32/Toolbar.CrossRider.X evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-enabler.exe.vir" sh=780902952FC4DB3D6A5321273C4BD849A8635633 ft=1 fh=b452135b3dee8c92 vn="Variante von Win32/Toolbar.CrossRider.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe.vir" sh=CC2AC68A6B7D5ECF5D055985CF27A99A80D6C6B5 ft=1 fh=5baeea4b593d9080 vn="Variante von Win32/Toolbar.CrossRider.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-updater.exe.vir" sh=C62FF895E33B51FB1E304FF9A7D6E64D2DD736F5 ft=1 fh=2e18a956c41cfa90 vn="Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\utils.exe.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\genienext\nengine.dll.vir" sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js.vir" sh=C8DB5E57774018F7ECA9B897993D81B6A6B37F7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js.vir" sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js.vir" sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js.vir" sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js.vir" sh=7C81F4B98C95A247009293CC3CBE66218ED8ADD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js.vir" sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js.vir" sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir" sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir" sh=5238A49C440E541BF241BC5EA247BAC9321C096D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir" sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir" sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir" sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir" sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\102_dealply_m.js.vir" sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\103_intext_5_m.js.vir" sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\104_jollywallet_m.js.vir" sh=04253E738106628805978963C1648F429CD2A08E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\105_corticas_m.js.vir" sh=9832E303AF1F020C6DD37DB8D8E7A0FF40979142 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\123_intext_adv_m.js.vir" sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\155_ibario_pops_m.js.vir" sh=D9DF0722882055C5C11AFD602D505B2E7EA9AFC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\184_noproblemppc_m.js.vir" sh=39D85F60370A7E5065A9BDC9D83216476D768A60 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\191_ciuvo_m.js.vir" sh=755E6F27D557EE62A1733A6D7446929692C0E2D5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir" sh=1C11431100002928B21CADA701E3D80CDBEFB6A2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir" sh=3BB30FB241BF8D2B709364A69F5128CA9BEF9ED2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\217_similar_products_m.js.vir" sh=115081E9037F5D63F69BC5CA19ECC1ACC8F61896 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\223_imonomy_m.js.vir" sh=7BC84C8A88F318467C124FA76E67F600EB90FCAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\224_beacon_pops_m.js.vir" sh=2DC335A206411AD5B2CB8E8AB2B1333596493CB9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\226_set_campaign_id_m.js.vir" sh=46F27C818E66AF2651C8AEAAC8249451A90182BE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js.vir" sh=ADA1ABB410D5E0C6AD102F5BA8AEB6A255C1E9A6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js.vir" sh=99ED957925C94680B2842F0C146CF7F28A86CCD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lola\AppData\Roaming\newnext.me\nengine.dll.vir" sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\102_dealply_m.js.vir" sh=C8DB5E57774018F7ECA9B897993D81B6A6B37F7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\103_intext_5_m.js.vir" sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\104_jollywallet_m.js.vir" sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\105_corticas_m.js.vir" sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\155_ibario_pops_m.js.vir" sh=7C81F4B98C95A247009293CC3CBE66218ED8ADD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\184_noproblemppc_m.js.vir" sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\191_ciuvo_m.js.vir" sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir" sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir" sh=5238A49C440E541BF241BC5EA247BAC9321C096D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir" sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir" sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir" sh=76546544E4F61C8A5C86A53DC07C4F6B1A39B904 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\217_similar_products_m.js.vir" sh=7BC84C8A88F318467C124FA76E67F600EB90FCAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\224_beacon_pops_m.js.vir" sh=3F1A2FD85413FF4A3A4FF8BE0DFB3956E96B0212 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5fod2mo1.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=535AF651EA5F3D5DE0E0A0C7A83FB82D217C1414 ft=1 fh=839880581fe9fccf vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lola\AppData\Local\Temp\awhA552.tmp" sh=BBD7A2AC1E027E7ED0CFA567CF06E86D22B2A665 ft=1 fh=55978f7f5077c75a vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lola\Downloads\IObit-Malware-Figher-Setup.exe" sh=B4E711E7C5EB528585859AB5CBC76A88239757B5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01" sh=85F7A6DCC9459A0B1E5BB8CD1138F0E4075C90A2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01" |
20.07.2014, 02:20 | #6 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Schritt 3: FRST FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014 Ran by Lola (administrator) on STUBE on 20-07-2014 00:53:57 Running from C:\Users\Lola\Desktop Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe -update plugin HKU\S-1-5-21-2611022401-1185657083-2724232758-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [GameCenterMailRu-EU] => "C:\Users\Freya\AppData\Local\Mail.Ru\GameCenter-EU\GameCenter@Mail.Ru.exe" -autostart Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock) BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.repage.de/member/paladine FF DefaultSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07] FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19] FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: webssearches CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23] ==================== Services (Whitelisted) ================= R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com) S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit) S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X] S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-20 00:53 - 2014-07-20 00:54 - 00016408 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-20 00:51 - 2014-07-20 00:52 - 00042299 _____ () C:\Users\Lola\Desktop\Addition.txt 2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe 2014-07-19 22:16 - 2014-07-19 22:27 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt 2014-07-19 21:40 - 2014-07-19 23:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-19 21:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-19 21:40 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-07-19 21:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-07-19 21:32 - 2014-07-19 21:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt 2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-19 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe 2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt 2014-07-19 18:03 - 2014-07-19 22:20 - 00037326 _____ () C:\WINDOWS\PFRO.log 2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag 2014-07-19 17:47 - 2014-07-20 00:54 - 00000000 ____D () C:\FRST 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-07-19 22:23 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore ==================== One Month Modified Files and Folders ======= 2014-07-20 00:54 - 2014-07-20 00:53 - 00016408 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-20 00:54 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST 2014-07-20 00:53 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job 2014-07-20 00:52 - 2014-07-20 00:51 - 00042299 _____ () C:\Users\Lola\Desktop\Addition.txt 2014-07-20 00:21 - 2014-01-17 23:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001 2014-07-20 00:18 - 2014-06-09 18:15 - 01941869 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-20 00:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-20 00:08 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-20 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-19 23:10 - 2014-07-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe 2014-07-19 22:27 - 2014-07-19 22:16 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt 2014-07-19 22:26 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-19 22:26 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-19 22:26 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-19 22:25 - 2014-01-28 00:31 - 00000000 __RDO () C:\Users\Lola\SkyDrive 2014-07-19 22:24 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365 2014-07-19 22:23 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-19 22:20 - 2014-07-19 18:03 - 00037326 _____ () C:\WINDOWS\PFRO.log 2014-07-19 22:20 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-19 22:20 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-19 22:05 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7} 2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-19 21:34 - 2014-07-19 21:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt 2014-07-19 21:01 - 2014-02-20 21:13 - 00000000 ____D () C:\AdwCleaner 2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-19 21:00 - 2014-02-09 22:56 - 00000000 ____D () C:\Users\Thomas 2014-07-19 21:00 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola 2014-07-19 21:00 - 2014-01-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe 2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt 2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag 2014-07-19 18:03 - 2014-06-09 05:51 - 73416704 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2014-07-19 18:01 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt 2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job 2014-07-19 10:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml 2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client 2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA Files to move or delete: ==================== C:\ProgramData\uninstall265917.exe Some content of TEMP: ==================== C:\Users\Freya\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\Quarantine.exe C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe C:\Users\Thomas\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 14:57 ==================== End Of Log ============================ --- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014 Ran by Lola at 2014-07-20 00:55:18 Running from C:\Users\Lola\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer Remote (HKLM-x32\...\Acer Remote1.0) (Version: 1.0 - Acer Inc.) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{6F33B065-4478-44EE-8E5F-A40BBD61619F}) (Version: 20.2.45.72438 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.2.45.72438 - Alcor Micro Corp.) Hidden AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{E3AB2F4D-B540-437B-4E4F-3A3C344C3B2A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Center@Mail.Ru - EU (HKCU\...\GameCenterMailRu-EU) (Version: 2.320 - LLC Mail.Ru) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2012 - Acer Incorporated) ContextFree (HKCU\...\ContextFree) (Version: - ) Dark Mysteries: Der Seelensammler Sammleredition (HKLM-x32\...\Dark Mysteries: Der Seelensammler Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Dark Strokes: Die Sünden der Väter Sammleredition (HKLM-x32\...\Dark Strokes: Die Sünden der Väter Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Der Fluch der Werwölfe Sammleredition (HKLM-x32\...\Der Fluch der Werwölfe Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition (HKLM-x32\...\Der Tempel des Lebens: Die Legende der Vier Elemente Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Die 4 Elemente (HKLM-x32\...\Die 4 Elemente) (Version: 0.0.0.0 - INTENIUM GmbH) Die 4 Elemente II Sammleredition (HKLM-x32\...\Die 4 Elemente II Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit) Elementals: Der Magische Schlüssel (HKLM-x32\...\Elementals: Der Magische Schlüssel) (Version: 1.0.0.0 - INTENIUM GmbH) Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Haunted Past: Im Reich der Geister Sammleredition (HKLM-x32\...\Haunted Past: Im Reich der Geister Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition (HKLM-x32\...\Haus der 1000 Türen 2: Das Juwel des Zarathustra Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Haus der 1000 Türen Sammleredition (HKLM-x32\...\Haus der 1000 Türen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3005 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Acer Incorporated) IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.8.2663 - IObit) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Legend - Legacy Of The Dragons (HKCU\...\Legend - Legacy Of The Dragons (DE)) (Version: 1.9 - Mail.Ru Games GmbH) LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics) LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3008 - Acer Incorporated) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6859 - Realtek Semiconductor Corp.) Sacra Terra 2: Der Kuss des Todes Sammleredition (HKLM-x32\...\Sacra Terra 2: Der Kuss des Todes Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Sacra Terra: Nacht der Engel Sammleredition (HKLM-x32\...\Sacra Terra: Nacht der Engel Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit) Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit) Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Voodoo Chroniken: Erstes Zeichen Sammleredition (HKLM-x32\...\Voodoo Chroniken: Erstes Zeichen Sammleredition) (Version: 1.0.0.0 - INTENIUM GmbH) Wise Care 365 2.99 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.99 - WiseCleaner.com, Inc.) ==================== Restore Points ========================= 30-06-2014 10:21:00 Geplanter Prüfpunkt 08-07-2014 01:37:08 Geplanter Prüfpunkt 11-07-2014 07:11:54 Windows Modules Installer 18-07-2014 12:27:43 Geplanter Prüfpunkt 19-07-2014 18:53:37 Removed IObit Apps Toolbar v9.4. ==================== Hosts content: ========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03788E86-B7B8-4E63-B551-3C2AD247CFF7} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0622BD4E-1624-4D7D-BBF1-12695E6745F6} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-02-27] (Acer Incorporated) Task: {07771D45-0369-49C2-8A17-1F224FB67EC9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2611022401-1185657083-2724232758-1001 Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {29A36733-D1DF-43DB-9141-740D150877D1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2F947BC4-4262-4BBF-A78F-003E94166000} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {34973AB3-E070-426D-AB6A-55D1E2CF258D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {355BFE34-8469-49CC-8BFE-10C6BA036237} - \The weDownload Manager-enabler No Task File <==== ATTENTION Task: {396993F1-06F6-4B62-8230-4524A7805DE7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {41EB21E1-55BF-49E7-AACB-53FA3FC10FA2} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {420853CD-78F8-4573-9AF9-0D2A2D43AFFD} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {56CAB56C-29F8-49A4-9FBF-356CE766BA30} - \fsupdate No Task File <==== ATTENTION Task: {5BD0C2C6-2F41-4ECA-A795-35F9FFFF3BEE} - System32\Tasks\RunAsStdUser_GameCenterMailRu-EU => C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\gamecenter@mail.ru.exe Task: {5FA885F4-7F52-4F6C-8135-60DAC70882C5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {63D499B3-DCC5-4C9A-A5B7-B77097D5EF33} - \The weDownload Manager-codedownloader No Task File <==== ATTENTION Task: {659AB603-985B-4C8E-8316-91C7E40A4024} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM) Task: {667938BF-64DB-47F6-B61D-555C33829F76} - \Driver Booster Scan No Task File <==== ATTENTION Task: {679929BC-487F-4EEB-A1C2-86B1B45E9135} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-06-13] () Task: {694A34E4-F5AC-4818-85F4-10DEFB91478C} - \The weDownload Manager-chromeinstaller No Task File <==== ATTENTION Task: {694AEFB2-C1B3-40CE-B1D8-E67D97FA6348} - \Driver Booster Update No Task File <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {744877A2-28E3-435A-9CE9-F70A68FBA20D} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7AFFDBD5-D60B-4A99-8B48-239CEA06206E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {82289AA5-EA75-4D97-B43B-D731687B4F30} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-07] (IObit) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8C197F2F-7907-4B64-A1D3-20D2AA22695B} - \The weDownload Manager-firefoxinstaller No Task File <==== ATTENTION Task: {8C85203C-0983-4E97-A28F-9134C25861C2} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {93BE7CD1-ECFD-4235-9350-09EF10809A57} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {9CB31A68-86B3-4E17-BF5C-57B535DF3F3B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {C1317186-1346-44AB-92EA-C5635A789E8C} - System32\Tasks\ASC7_SkipUac_Lola => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-28] (IObit) Task: {C53E619E-1F73-4BD8-8D8E-F263A59F2C3D} - \The weDownload Manager-updater No Task File <==== ATTENTION Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E26439DF-BDA4-4A64-811C-3BC9826F45AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {E2C41E52-73D6-45BE-AA6A-84316EF4DA4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.) Task: {E5766170-AD65-476C-9283-F466803F357C} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {EB85D3CB-FCE5-40BB-B285-CEB018C61702} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit) Task: {FB46942C-D91E-4919-80C5-158CD0AE790F} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-02-22] () Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-05 14:35 - 2013-02-20 23:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2014-05-23 12:28 - 2014-05-23 12:28 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-06-07 15:12 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll 2014-07-15 12:17 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl 2014-07-15 12:17 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl 2014-07-15 12:17 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl 2014-06-07 16:12 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll 2014-06-07 15:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl 2014-06-07 15:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl 2014-06-07 15:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl 2014-06-07 15:12 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll 2014-07-15 12:17 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Freya\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Lola\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Thomas\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: GameCenterMailRu-EU => "c:\users\lola\appdata\local\mail.ru\gamecenter-eu\gamecenter@mail.ru.exe" -autostart HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter" HKCU\...\StartupApproved\Run: => "Advanced SystemCare 7" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/20/2014 00:47:56 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 10:40:54 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 10:40:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 10:36:10 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 10:36:05 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 10:35:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (07/19/2014 09:40:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (07/19/2014 09:10:33 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. System errors: ============= Error: (07/19/2014 10:23:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (07/19/2014 09:04:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (07/19/2014 09:00:20 PM) (Source: DCOM) (EventID: 10010) (User: STUBE) Description: Microsoft.WindowsLive.Mail.AppXchpnq3xrg3grbgjnhp88jn3v9r1xskxr.mca Error: (07/19/2014 08:45:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (07/19/2014 06:06:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (07/19/2014 06:03:45 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (07/19/2014 09:54:55 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/19/2014 07:42:41 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/18/2014 10:17:43 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (07/18/2014 08:56:35 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4FD21B26-2BAF-4176-9FAA-AAB65B3D1761}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Microsoft Office Sessions: ========================= Error: (07/20/2014 00:47:56 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (07/19/2014 10:40:54 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe Error: (07/19/2014 10:40:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe Error: (07/19/2014 10:36:10 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe Error: (07/19/2014 10:36:05 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe Error: (07/19/2014 10:35:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe Error: (07/19/2014 10:35:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Lola\Desktop\esetsmartinstaller_deu.exe Error: (07/19/2014 09:40:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (07/19/2014 09:10:33 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 7613.49 MB Available physical RAM: 5527.77 MB Total Pagefile: 8829.49 MB Available Pagefile: 5722.1 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:455.25 GB) (Free:380.16 GB) NTFS Drive d: (DATA) (Fixed) (Total:456.11 GB) (Free:454.92 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 651131BF) Partition: GPT Partition Type. ==================== End Of Log ============================ MBAM Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 20.07.2014 Suchlauf-Zeit: 02:46:35 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.19.09 Rootkit Datenbank: v2014.07.17.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Lola Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 404835 Verstrichene Zeit: 29 Min, 34 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.Qone8, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [abba2978770424122df90a02de268878], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 1 PUP.Optional.WebsSearches.A, HKU\S-1-5-21-2611022401-1185657083-2724232758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027),Ersetzt,[6302c4dd3f3c8aace39cccd3848016ea] Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) |
20.07.2014, 15:13 | #7 |
/// TB-Ausbilder /// Anleitungs-Guru | Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Hi, also ich würde mit Revo zumindest auch noch den IObit Malwarefighter deinstallieren... Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope value is missing. FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File C:\ProgramData\uninstall265917.exe C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01 C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01
Schritt 2 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs. Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.07.2014, 15:31 | #8 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Gesagt getan. IObit Malwarefighter deinstalliert Und hier nun die Logs Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014 Ran by Lola at 2014-07-20 16:24:42 Run:2 Running from C:\Users\Lola\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope value is missing. FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File C:\ProgramData\uninstall265917.exe C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01 C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01 ***************** ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) not found. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully. 'HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKCU\Software\MozillaPlugins\@mail.ru/GameCenter' => Key deleted successfully. C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll not found. C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll not found. C:\ProgramData\uninstall265917.exe => Moved successfully. C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\8\BC\6D1ADd01 => Moved successfully. C:\Users\Thomas\AppData\Local\Mozilla\Firefox\Profiles\5fod2mo1.default\Cache\D\DF\46B67d01 => Moved successfully. ==== End of Fixlog ==== FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014 Ran by Lola (administrator) on STUBE on 20-07-2014 16:26:22 Running from C:\Users\Lola\Desktop Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13425224 2013-03-05] (Realtek Semiconductor) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit) HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {025fd6ec-81f2-11e3-be73-f80f41a03396} - "E:\LGAutoRun.exe" HKU\S-1-5-21-2611022401-1185657083-2724232758-1001\...\MountPoints2: {2324f0b4-9ccd-11e3-be8b-f80f41a03396} - "E:\LGAutoRun.exe" HKU\S-1-5-21-2611022401-1185657083-2724232758-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe -update plugin HKU\S-1-5-21-2611022401-1185657083-2724232758-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [GameCenterMailRu-EU] => "C:\Users\Freya\AppData\Local\Mail.Ru\GameCenter-EU\GameCenter@Mail.Ru.exe" -autostart Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1405366540&from=amt&uid=WDCXWD10EZEX-22RKKA0_WD-WCC1S632002720027&q={searchTerms} SearchScopes: HKCU - {351D8E3A-7CC5-41B3-841C-2A2C601EC8D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {790DEE0B-14BB-4FEE-8805-7AC306401ACA} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.repage.de/member/paladine FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lola\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ads Removal - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\adremoveext@adremoveext.net [2014-06-27] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\ascsurfingprotection@iobit.com [2014-06-07] FF Extension: Qute Classic - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi [2014-01-19] FF Extension: Adblock Plus - C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\0r83g7y4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18] Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSearchKeyword: webssearches CHR DefaultNewTabURL: CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (gamecenter component npdetector.dll) - C:\Users\Lola\AppData\Local\Mail.Ru\GameCenter-EU\NPDetector.dll No File CHR Extension: (Google Wallet) - C:\Users\Lola\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-23] ==================== Services (Whitelisted) ================= R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-07] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com) S2 HPSLPSVC; C:\Users\Lola\AppData\Local\Temp\7zS3EFF\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X] S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-20 16:26 - 2014-07-20 16:26 - 00015722 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-20 16:19 - 2014-07-20 16:19 - 00000000 ____D () C:\Users\Lola\Desktop\revouninstaller-portable 2014-07-20 16:18 - 2014-07-20 16:18 - 03007700 _____ () C:\Users\Lola\Downloads\revouninstaller.zip 2014-07-20 00:55 - 2014-07-20 00:55 - 00042350 _____ () C:\Users\Lola\Desktop\Addition.txt 2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe 2014-07-19 22:16 - 2014-07-19 22:27 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt 2014-07-19 21:40 - 2014-07-20 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-19 21:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-19 21:40 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-07-19 21:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-07-19 21:32 - 2014-07-19 21:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt 2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-19 20:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe 2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt 2014-07-19 18:03 - 2014-07-19 22:20 - 00037326 _____ () C:\WINDOWS\PFRO.log 2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag 2014-07-19 17:47 - 2014-07-20 16:26 - 00000000 ____D () C:\FRST 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:52 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-07-11 08:52 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-09 12:10 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 05:55 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-09 05:55 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-09 05:55 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-09 05:55 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-09 05:55 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-07-09 05:55 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-07-09 05:55 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-07-09 05:55 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-09 05:54 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-09 05:54 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-09 05:54 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-09 05:54 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-09 05:54 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-09 05:53 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-09 05:53 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-09 05:53 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-09 05:53 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-09 05:53 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-09 05:53 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-09 05:53 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-09 05:53 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-09 05:53 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-09 05:53 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-07-09 05:53 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-09 05:53 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-09 05:53 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-07-09 05:51 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-09 05:51 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-07-09 05:51 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-09 05:51 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-09 05:51 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-09 05:51 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-09 05:51 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-07-09 05:51 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-07-09 05:51 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-09 05:51 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-09 05:51 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:51 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-09 05:51 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-09 05:51 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-09 05:51 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-09 05:51 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-07-09 05:51 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-07-19 22:23 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore ==================== One Month Modified Files and Folders ======= 2014-07-20 16:26 - 2014-07-20 16:26 - 00015722 _____ () C:\Users\Lola\Desktop\FRST.txt 2014-07-20 16:26 - 2014-07-19 17:47 - 00000000 ____D () C:\FRST 2014-07-20 16:26 - 2014-01-17 23:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2611022401-1185657083-2724232758-1001 2014-07-20 16:22 - 2014-02-20 22:37 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-07-20 16:19 - 2014-07-20 16:19 - 00000000 ____D () C:\Users\Lola\Desktop\revouninstaller-portable 2014-07-20 16:18 - 2014-07-20 16:18 - 03007700 _____ () C:\Users\Lola\Downloads\revouninstaller.zip 2014-07-20 16:16 - 2014-04-18 12:13 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-20 16:07 - 2014-01-18 14:35 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-20 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-20 15:43 - 2014-07-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-20 11:32 - 2014-06-09 18:15 - 02084151 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-20 11:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-07-20 00:55 - 2014-07-20 00:55 - 00042350 _____ () C:\Users\Lola\Desktop\Addition.txt 2014-07-20 00:53 - 2014-02-20 22:37 - 00000288 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job 2014-07-19 22:35 - 2014-07-19 22:35 - 02347384 _____ (ESET) C:\Users\Lola\Desktop\esetsmartinstaller_deu.exe 2014-07-19 22:27 - 2014-07-19 22:16 - 00022051 _____ () C:\Users\Lola\Desktop\Protokoll.txt 2014-07-19 22:26 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-19 22:26 - 2013-11-14 09:11 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-19 22:26 - 2013-11-14 09:11 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-19 22:25 - 2014-01-28 00:31 - 00000000 ___DO () C:\Users\Lola\SkyDrive 2014-07-19 22:24 - 2014-05-17 14:58 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\Wise Care 365 2014-07-19 22:23 - 2014-06-21 18:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-19 22:20 - 2014-07-19 18:03 - 00037326 _____ () C:\WINDOWS\PFRO.log 2014-07-19 22:20 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-19 22:20 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-19 22:05 - 2014-06-09 18:01 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87182F7E-78A1-441D-96FB-2954177723C7} 2014-07-19 21:40 - 2014-07-19 21:40 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-19 21:40 - 2014-07-19 21:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-19 21:34 - 2014-07-19 21:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lola\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-19 21:04 - 2014-07-19 21:04 - 00008970 _____ () C:\Users\Lola\Desktop\AdwCleaner[S2].txt 2014-07-19 21:01 - 2014-02-20 21:13 - 00000000 ____D () C:\AdwCleaner 2014-07-19 21:00 - 2014-07-19 21:00 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-19 21:00 - 2014-07-19 21:00 - 00001009 _____ () C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-19 21:00 - 2014-02-09 22:56 - 00000000 ____D () C:\Users\Thomas 2014-07-19 21:00 - 2014-01-28 00:00 - 00000000 ____D () C:\Users\Lola 2014-07-19 21:00 - 2014-01-18 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-19 20:55 - 2014-07-19 20:55 - 01354223 _____ () C:\Users\Lola\Desktop\adwcleaner_3.216.exe 2014-07-19 18:13 - 2014-07-19 18:13 - 00009520 _____ () C:\Users\Lola\Desktop\Gmer.txt 2014-07-19 18:03 - 2014-07-19 18:03 - 00000000 _____ () C:\asc_rdflag 2014-07-19 18:03 - 2014-06-09 05:51 - 73416704 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00409600 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00036864 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak 2014-07-19 18:03 - 2014-06-09 05:51 - 00028672 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2014-07-19 18:01 - 2014-06-07 15:12 - 00000252 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Lola.job 2014-07-19 17:44 - 2014-07-19 17:44 - 00000470 _____ () C:\Users\Lola\Desktop\defogger_disable.log 2014-07-19 17:44 - 2014-07-19 17:44 - 00000000 _____ () C:\Users\Lola\defogger_reenable 2014-07-19 17:37 - 2014-07-19 17:37 - 00000626 _____ () C:\Users\Lola\Desktop\Ereignisse.txt 2014-07-19 17:34 - 2014-07-19 17:34 - 00380416 _____ () C:\Users\Lola\Desktop\Gmer-19357.exe 2014-07-19 17:33 - 2014-07-19 17:33 - 02089984 _____ (Farbar) C:\Users\Lola\Desktop\FRST64.exe 2014-07-19 17:30 - 2014-07-19 17:30 - 00050477 _____ () C:\Users\Lola\Desktop\Defogger.exe 2014-07-19 17:29 - 2014-06-07 17:49 - 00000000 ____D () C:\Users\Lola\Desktop\Deutschland Spielt 2014-07-19 17:26 - 2014-06-07 15:12 - 00002189 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk 2014-07-19 15:20 - 2014-05-17 15:23 - 00000412 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job 2014-07-15 12:17 - 2014-07-15 12:17 - 00003158 _____ () C:\WINDOWS\System32\Tasks\StartMenuAutoupdate 2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2014-07-15 10:08 - 2014-07-15 10:08 - 00818744 _____ (Reimage®) C:\Users\Lola\Downloads\ReimageRepair.exe 2014-07-15 09:37 - 2014-06-07 16:11 - 00165659 _____ () C:\MyXML.xml 2014-07-15 09:37 - 2014-02-20 22:37 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-11 12:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-07-11 09:13 - 2014-07-11 09:13 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-07-11 09:13 - 2014-07-11 09:13 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2014-07-11 09:13 - 2014-07-11 09:13 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2014-07-11 09:13 - 2014-07-11 09:13 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2014-07-11 09:13 - 2014-07-11 09:13 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2014-07-11 09:13 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-11 09:12 - 2014-07-11 09:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-07-11 08:51 - 2013-08-22 16:44 - 00360464 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 02:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-10 14:26 - 2014-03-13 12:34 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-07-09 12:15 - 2014-01-18 14:18 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-09 12:12 - 2014-01-18 14:18 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-09 12:12 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-09 12:09 - 2014-07-09 12:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-09 12:09 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 05:45 - 2014-07-09 05:45 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-07-08 11:54 - 2014-04-18 12:13 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-07-03 17:29 - 2014-03-12 15:10 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-07-01 00:45 - 2014-07-09 05:51 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-06-28 09:48 - 2014-07-09 05:51 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-06-28 09:07 - 2014-07-09 05:51 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-06-28 00:50 - 2014-01-18 00:56 - 00000000 ____D () C:\Users\Lola\AppData\Roaming\TS3Client 2014-06-26 22:55 - 2014-07-11 08:52 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:55 - 2014-07-11 08:52 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-26 11:35 - 2014-01-18 00:48 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-06-21 23:43 - 2014-06-21 23:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler 2014-06-21 18:02 - 2014-06-21 18:02 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-21 18:02 - 2014-01-18 14:35 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA Some content of TEMP: ==================== C:\Users\Freya\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\avgnt.exe C:\Users\Lola\AppData\Local\Temp\Quarantine.exe C:\Users\Lola\AppData\Local\Temp\{D983D7E1-6584-4398-A43B-2FB423F350E2}-36.0.1985.125_35.0.1916.153_chrome_updater.exe C:\Users\Thomas\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-18 14:57 ==================== End Of Log ============================ --- --- --- |
20.07.2014, 16:22 | #9 |
/// TB-Ausbilder /// Anleitungs-Guru | Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Frage?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.07.2014, 16:59 | #10 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Das Problem mit dem eigenständigem öffnen von Tabs oder Fenstern ist nicht mehr aufgetaucht. Aus meiner Sicht läuft hier alles wieder Rund Da ich aber zuwenig Ahnung hab, hoffe ich das du mir dieses noch bestätigst Sollte dir noch was aufgefallen sein, was hier evtl. völlig unnötig drauf ist, wär ich dankbar, wenn du mich drauf hinweisst Oder was meintest du grad mit "Frage?" Geändert von Lady Frigg (20.07.2014 um 17:15 Uhr) |
20.07.2014, 17:38 | #11 | |
/// TB-Ausbilder /// Anleitungs-Guru | Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wirdZitat:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Datenträgerbereinigung Windows 8 / 8.1
Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Alle Logs gepostet? Ja! Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. >>clean<< Wir haben es geschafft! Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. Wie kann ich mich in Zukunft besser schützen? Tipps, Dos & Don'ts Updates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Firewall, Antivirus & Co.
Cracks, Downloads & Co. Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten. Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten. Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Abschließend noch ein paar grundsätzliche Bemerkungen:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.07.2014, 18:03 | #12 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Hier erstmal den letzten Log, bevor ich mit DelFix beigehe Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014 Ran by Lola at 2014-07-20 18:49:08 Run:3 Running from C:\Users\Lola\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) ***************** "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk" => Could not move. ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File) not found. ==== End of Fixlog ==== Geändert von Lady Frigg (20.07.2014 um 18:19 Uhr) |
20.07.2014, 18:22 | #13 |
/// TB-Ausbilder /// Anleitungs-Guru | Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird OK, versuch das noch manuell zu löschen Code:
ATTFilter $McRebootA5E6DEAA56$.lnk Code:
ATTFilter C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Wenn nicht, ist auch nicht schlimm...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
20.07.2014, 18:27 | #14 |
| Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird Nee, lässt sich i-wie nicht löschen.. |
20.07.2014, 18:34 | #15 |
/// TB-Ausbilder /// Anleitungs-Guru | Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
Themen zu Firefox öffnet eigenständig Werbeseiten in Tabs, auch wenn Firefox grad nicht verwendet wird |
adware/agent.aljt.1, android/mobserv.a, branding, fast start, pup.optional.amonetize, pup.optional.bundleinstaller.a, pup.optional.crossrider.a, pup.optional.faststart.a, pup.optional.firstseentoday.a, pup.optional.flowsurf.a, pup.optional.qone8, pup.optional.searchprotect.a, pup.optional.spigot.a, pup.optional.websearchs.a, pup.optional.webssearches.a, pup.optional.wedownload.a, pup.optional.wpm.a, win32/conduit.searchprotect.h, win32/conduit.searchprotect.i, win32/conduit.searchprotect.q, win32/elex.ar, win32/mobogenie.a, win32/nextlive.a, win32/thinknice.b, win32/thinknice.d, win64/conduit.searchprotect.a, win64/thinknice.a, windowsapps |