|
Log analysis and evaluation: Windows 8: Tabs and windows opening on their own while browsing. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
21.01.2015, 16:46 | #1 |
| Windows 8: Tabs and windows opening on their own while browsing

Hello, for about two months (though I don't want to commit to an exact date) I have only been able to browse quite slowly. The following is especially annoying: new tabs or even new windows keep opening whenever I click on something. Some close again immediately on their own, others don't. Many words are highlighted in colour (green or blue) and double-underlined, and show advertising when you hover over them. Many windows with advertising can be seen at the sides, and sometimes these also change the layout of the page.

I went through the various steps that were recommended. defogger gave no error message, and unfortunately GMER did not work ("the file is being used by another process"). I use Bitdefender as my antivirus program and did not know how and where to find logs for it. So here are just the two FRST logs:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Veronika (administrator) on STELLA-LUNA on 21-01-2015 15:21:08 Running from C:\Users\Veronika\Downloads Loaded Profiles: Veronika (Available profiles: Veronika) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe () C:\Program Files (x86)\Re-markit-soft\Re-markitXG171.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program 
Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Spotify Ltd) C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Users\Veronika\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (Weather Notifications, LLC) C:\Users\Veronika\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) 
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Spotify Ltd) C:\Users\Veronika\AppData\Roaming\Spotify\spotify.exe () C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== 
Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-15] (Bitdefender) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [fst_de_103] => [X] Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications)) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Spotify Web Helper] => C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-05] (Spotify Ltd) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\MountPoints2: {716c4ab2-9bfe-11e4-befa-0c54a50fe9cd} - "F:\ChemBioOfficeUltra.exe" HKU\S-1-5-18\...\Run: 
[Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) Startup: C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Veronika\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe () Startup: C:\Users\Veronika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Veronika\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-3265754965-2365759906-3022362222-1001] => Internet Explorer proxy is enabled. 
ProxyServer: [S-1-5-21-3265754965-2365759906-3022362222-1001] => http=127.0.0.1:13949;https=127.0.0.1:13949 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceXL3EGXh31fFEk8aWlpH&q={searchTerms} HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceTYQZLJXLpouinAl&q={searchTerms} SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1418988624&from=wpm12173&uid=WDCXWD5000LPVX-22V0TT0_WD-WX31AA3F5504F5504&q={searchTerms} SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceTYQZLJXLpouinAl&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1418988624&from=wpm12173&uid=WDCXWD5000LPVX-22V0TT0_WD-WX31AA3F5504F5504&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceXL3EGXh31fFEk8aWlpH&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceXL3EGXh31fFEk8aWlpH&q={searchTerms} SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceTYQZLJXLpouinAl&q={searchTerms} SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceTYQZLJXLpouinAl&q={searchTerms} SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> {2A9193A0-425C-40ED-B9D2-AE5878369F5C} URL = SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://search.delta-homes.com/web/?type=ds&ts=1418988624&from=wpm12173&uid=WDCXWD5000LPVX-22V0TT0_WD-WX31AA3F5504F5504&q={searchTerms} BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: SmartbarInternetExplorerBHOEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File BHO-x32: Re-markit -> {74CD6F45-BA8A-203B-ED52-F70BA6DA87F3} -> C:\Program Files (x86)\Re-markit-soft\171.dll () BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default FF NewTab: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJfi34pxlNMfCUYt0MDiBac-Cs1wDgOWW3aFju6u48bfPnA4dW2LTnXI1dSQ2Aqf FF DefaultSearchEngine: Web Search FF 
SelectedSearchEngine: Web Search FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1418988624&from=wpm12173&uid=WDCXWD5000LPVX-22V0TT0_WD-WX31AA3F5504F5504 FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVxauPatVrET0CU4ixkLekYFV8ceTYQZLJXLpouinAl&q= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\Web Search.xml FF Extension: MediaPlayer+ - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\c99f2e2c-e43b-45cb-a50f-b10bac2f33c1@a4314fc7-1c01-4fda-8022-f0e9bd0cb09f.com [2014-07-11] FF Extension: Snap.Do - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{c9ed380f-5a38-d2fc-161b-28785bf22c59} [2014-07-07] FF Extension: Cliqz Beta - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\cliqz@cliqz.com.xpi [2014-09-19] FF Extension: Adblock Plus - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-04] FF 
HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-18] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-18] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Firefox\Extensions: [{0A3C1416-902A-AAF1-C224-9A1F011F526B}] - C:\Program Files (x86)\Re-markit-soft\171.xpi FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\171.xpi [2014-05-28] FF HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\extensions\cliqz@cliqz.com Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-15] (Bitdefender) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-21] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-21] (globalUpdate) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] () R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markitXG171.exe [179712 2014-05-28] () [File not signed] <==== ATTENTION R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-15] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-15] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft 
Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-15] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-15] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-15] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-28] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-20] (Disc Soft Ltd) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-19] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-01-19] (Elex do Brasil 
Participações Ltda) R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-15] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-21 15:21 - 2015-01-21 15:21 - 00024561 _____ () C:\Users\Veronika\Downloads\FRST.txt 2015-01-21 15:20 - 2015-01-21 15:21 - 00000000 ____D () C:\FRST 2015-01-21 15:20 - 2015-01-21 15:20 - 02126848 _____ (Farbar) C:\Users\Veronika\Downloads\FRST64.exe 2015-01-21 15:19 - 2015-01-21 15:19 - 01118208 _____ (Farbar) C:\Users\Veronika\Downloads\FRST.exe 2015-01-21 15:15 - 2015-01-21 15:16 - 00000478 _____ () C:\Users\Veronika\Downloads\defogger_disable.log 2015-01-21 15:15 - 2015-01-21 15:15 - 00050477 _____ () C:\Users\Veronika\Downloads\Defogger.exe 2015-01-21 15:15 - 2015-01-21 15:15 - 00000000 _____ () C:\Users\Veronika\defogger_reenable 2015-01-21 14:50 - 2015-01-21 15:10 - 154051656 _____ () C:\Users\Veronika\Downloads\avira_free_antivirus468_de.exe 2015-01-21 14:23 - 2015-01-21 14:23 - 00001102 _____ () C:\WINDOWS\PFRO.log 2015-01-20 17:03 - 2015-01-20 17:03 - 00818963 _____ () C:\Users\Veronika\Desktop\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-20 14:02 - 00000750 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log 2015-01-20 13:49 - 2015-01-20 13:49 - 00815770 _____ () C:\Users\Veronika\Downloads\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-20 13:49 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Microsoft_Corporation 2015-01-20 13:46 - 2015-01-20 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemBioOffice 2012 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\ProgramData\CambridgeSoft 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\Program Files (x86)\CambridgeSoft 2015-01-20 13:42 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Origin Pro 8.0 2015-01-20 13:41 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Mestrelab.Mnova.Suite.v6.0.2-iNViSiBLE 2015-01-20 13:40 - 2015-01-20 13:40 - 00001970 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2015-01-20 13:40 - 2015-01-20 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON 
Tools Lite 2015-01-20 13:39 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\DAEMON Tools Lite 2015-01-20 13:39 - 2015-01-20 13:39 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys 2015-01-20 13:39 - 2015-01-20 13:39 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:42 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:41 - 00000000 ____D () C:\Users\Veronika\Desktop\CambridgeSoft.ChemBioOffice.Ultra.v13.0.Suite-REMEDY 2015-01-20 13:36 - 2015-01-20 13:36 - 13429504 _____ (Disc Soft Ltd) C:\Users\Veronika\Downloads\DTLite4491-0356.exe 2015-01-19 20:49 - 2015-01-19 20:49 - 00000000 ____D () C:\WINDOWS\system32\log 2015-01-19 20:49 - 2015-01-19 20:49 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Elex-tech 2015-01-19 20:49 - 2015-01-19 20:49 - 00000000 ____D () C:\Program Files (x86)\Elex-tech 2015-01-19 20:49 - 2015-01-19 12:04 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys 2015-01-19 20:49 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys 2015-01-14 14:06 - 2015-01-21 14:25 - 00001179 _____ () C:\WINDOWS\setupact.log 2015-01-14 14:06 - 2015-01-14 14:06 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-14 13:44 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 13:44 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 13:44 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 13:44 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00531616 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 13:44 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 13:44 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 13:44 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 13:44 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 13:44 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 13:44 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-13 17:30 - 2015-01-13 17:30 - 00043008 _____ () C:\Users\Veronika\Downloads\Personalbogen Studenten (2).xls 2015-01-13 17:21 - 2015-01-13 17:21 - 00043008 _____ () C:\Users\Veronika\Downloads\Personalbogen Studenten.xls 2015-01-13 17:21 - 2015-01-13 17:21 - 00043008 _____ () C:\Users\Veronika\Downloads\Personalbogen Studenten (1).xls 2015-01-04 13:58 - 2015-01-04 13:58 - 00000000 __SHD () C:\Users\Veronika\AppData\Local\EmieBrowserModeList 2015-01-04 13:47 - 2015-01-04 13:47 - 00000000 ____D () C:\ProgramData\Advanced Chemistry Development 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLabs Freeware 2012 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ACD2012FREE 2015-01-04 13:45 - 2015-01-04 13:47 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Advanced Chemistry Development 2015-01-04 13:37 - 2015-01-04 13:37 - 01174352 _____ () C:\Users\Veronika\Downloads\ChemSketch - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 

2015-01-21 15:19 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Spotify
2015-01-21 15:15 - 2014-02-25 19:49 - 00000000 ____D () C:\Users\Veronika
2015-01-21 15:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-21 14:52 - 2014-02-25 20:02 - 01122215 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-21 14:48 - 2014-11-06 10:31 - 00012246 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-01-21 14:44 - 2014-11-06 10:26 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-01-21 14:43 - 2014-11-03 21:25 - 00000156 _____ () C:\WINDOWS\Reimage.ini
2015-01-21 14:40 - 2014-02-18 10:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3265754965-2365759906-3022362222-1001
2015-01-21 14:35 - 2014-05-28 08:31 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACFCB07E-2BB8-47DB-B19A-853A63D15CAB}
2015-01-21 14:34 - 2014-05-28 07:34 - 00002296 _____ () C:\WINDOWS\Tasks\e82579e6-16ea-463e-abe3-52eb6fa7996d-4.job
2015-01-21 14:28 - 2014-12-19 12:30 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-01-21 14:28 - 2014-02-25 20:24 - 00000000 ___DO () C:\Users\Veronika\SkyDrive
2015-01-21 14:28 - 2014-02-18 14:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-21 14:27 - 2014-07-21 11:34 - 00000000 ____D () C:\Users\Veronika\AppData\Local\SevereWeatherAlerts
2015-01-21 14:26 - 2014-07-21 11:38 - 00001484 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-5_user.job
2015-01-21 14:26 - 2014-07-21 11:38 - 00001468 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-5.job
2015-01-21 14:26 - 2014-07-21 11:38 - 00001334 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-10.job
2015-01-21 14:26 - 2014-07-21 11:37 - 00003840 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-11.job
2015-01-21 14:26 - 2014-07-21 11:37 - 00003158 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-3.job
2015-01-21 14:26 - 2014-07-21 11:37 - 00002328 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-4.job
2015-01-21 14:26 - 2014-07-21 11:37 - 00001616 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-1.job
2015-01-21 14:26 - 2014-07-21 11:37 - 00001380 _____ () C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-2.job
2015-01-21 14:26 - 2014-07-21 11:37 - 00000916 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore1cfa4cfc12c9f45.job
2015-01-21 14:26 - 2014-05-28 07:34 - 00000928 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-21 14:25 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-21 14:25 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-20 15:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-20 13:49 - 2014-04-09 13:44 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Deployment
2015-01-20 13:43 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-20 13:43 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-20 13:43 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-19 17:18 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Spotify
2015-01-18 14:48 - 2014-08-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-15 20:08 - 2014-12-19 12:30 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\WinZipper
2015-01-14 16:55 - 2014-02-18 13:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-14 16:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-14 13:53 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 13:52 - 2014-02-18 12:29 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 13:50 - 2014-02-18 12:29 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 20:28 - 2014-02-18 14:15 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-12 18:12 - 2014-02-25 19:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-01-09 15:42 - 2014-04-13 09:38 - 00000000 ____D () C:\Users\Veronika\Documents\UNI
2015-01-06 01:08 - 2014-09-14 23:07 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-09-14 23:07 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 17:34 - 2014-02-23 17:06 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-01-05 17:15 - 2014-08-05 10:10 - 00003858 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1407229816
2015-01-05 17:15 - 2014-08-05 10:10 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-04 13:22 - 2014-05-28 07:34 - 00000000 ____D () C:\Program Files (x86)\MediaPlayer+

==================== Files in the root of some directories =======

2014-06-02 14:16 - 2014-07-21 12:17 - 0000318 _____ () C:\Users\Veronika\AppData\Roaming\aps.uninstall.scan.results
2014-06-02 14:14 - 2014-07-16 14:41 - 0573339 _____ (ClickMeIn Limited) C:\Users\Veronika\AppData\Local\AnyProtectScannerSetup.exe
2015-01-20 13:49 - 2015-01-20 14:02 - 0000750 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log
2014-02-18 11:24 - 2014-02-18 11:24 - 0898720 _____ () C:\ProgramData\1392717425.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Veronika\AppData\Local\Temp\bitool.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-20 14:17

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Veronika at 2015-01-21 15:22:07
Running from C:\Users\Veronika\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
ACD/Labs Freeware in C:\ACD2012FREE\ (HKLM-x32\...\ACDLabs in C__ACD2012FREE_) (Version: v14.00, FREE - ACD/Labs)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3017 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.116 - Alps Electric)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.25.0.1074 - Bitdefender)
CambridgeSoft ChemBioOffice 2012 (HKLM-x32\...\{535CDE5A-39D6-46EE-B6E5-9F38D0664D97}) (Version: 13.0 - CambridgeSoft Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG3500 series Benutzerregistrierung (HKLM-x32\...\Canon MG3500 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.31 - Abelssoft)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
LPT System Updater Service (x32 Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Pokki) (Version: 0.266.1.172 - Pokki) <==== ATTENTION!
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.19 - Qualcomm Atheros Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.28140 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.0 - Reimage) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Severe Weather Alerts (HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Snap.Do (HKLM-x32\...\{6EA563AD-DF38-4A1E-9437-3EA6EDA7B784}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\{727762bc-496e-4463-aaae-380c6b70bd82}) (Version: 11.77.1.18240 - ReSoft Ltd.) <==== ATTENTION
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.83 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

04-01-2015 14:39:20 Windows Update
12-01-2015 18:33:15 Geplanter Prüfpunkt
20-01-2015 13:45:02 Installed CambridgeSoft ChemBioOffice 2012.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00B755D5-D0F3-4463-82AD-2978F4145909} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {0D520D0A-F60B-45AC-BE3D-1DE050F1A3D6} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2014-11-15] (Bitdefender)
Task: {0EF89489-910A-4D57-B0D9-CE9FEC9F132D} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-11 => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-11.exe <==== ATTENTION
Task: {13EA345F-3F08-455D-9BF4-8999A406E7A1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {18D50FF4-C60A-405F-94A7-8BDD5704B89C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {22FB0F82-BA31-4F97-9A98-7EAFF27D83C9} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {256800B2-277F-4794-9486-7788F6C200EC} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {27C8F9F8-B744-4823-98FC-49F7D845AE09} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {4AAA918B-6630-4D6C-BB09-BE6CBE0DA44D} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2014-10-23] () <==== ATTENTION
Task: {4EB78B4C-FD6E-4A92-B91E-C187CABDBA48} - System32\Tasks\Opera scheduled Autoupdate 1407229816 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {5057A7FD-9660-476D-A4E7-0C966A3E5AFF} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {6276D174-366C-4C1D-9FF8-71E87CEE44DD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {6ECFCADF-69FA-491B-9101-3BE0DCA6639F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-03-21] (Acer Incorporated)
Task: {702DB575-990C-4568-93DC-03459604414A} - System32\Tasks\globalUpdateUpdateTaskMachineCore1cfa4cfc12c9f45 => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-21] (globalUpdate) <==== ATTENTION
Task: {84E49D0D-5852-4702-A818-2405B434F623} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {8F47DA7E-ADF8-4C71-A611-88DC010E3538} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-09-02] (CHIP)
Task: {97F77896-9A7A-42B9-A5FB-F9D7B5DD58EE} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-10 => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-10.exe <==== ATTENTION
Task: {9AEDF711-F67B-44DA-97CD-1077D9283939} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-21] (globalUpdate) <==== ATTENTION
Task: {A9F2F17A-5817-47C6-BE38-A7CB95A31656} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-2 => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-2.exe <==== ATTENTION
Task: {B7C09C88-D9FC-4D57-A61E-067896812614} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {BA2102C3-9D90-4111-9400-870A90FAFD7F} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-5_user => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-5.exe <==== ATTENTION
Task: {BA916DF8-D340-46D7-A51F-EFB8D7EDC2E7} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-3 => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-3.exe <==== ATTENTION
Task: {BBAAA54D-872C-45E0-BF5D-86BBEC5ED8C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {BC707FF8-CC1E-4303-94A8-CBCA919A05FB} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {C5B1CC82-1C6D-4BDD-A94F-CC15B99DCFBF} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-21] (globalUpdate) <==== ATTENTION
Task: {C6B99B2A-6EA8-45E6-B8E0-0FD4AA768DFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {C8994548-D05B-48EF-9FD8-437907A09D2D} - System32\Tasks\e82579e6-16ea-463e-abe3-52eb6fa7996d-4 => C:\Program Files (x86)\MediaPlayer+\e82579e6-16ea-463e-abe3-52eb6fa7996d-4.exe <==== ATTENTION
Task: {D227DF23-AB6F-4643-A1ED-068393051264} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E1636BB1-9C80-4B28-A59F-55091DCE873B} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-4 => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-4.exe <==== ATTENTION
Task: {F16760F0-567B-408B-B6BA-2A234A1B2741} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-5 => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-5.exe <==== ATTENTION
Task: {FE84772A-A21E-4F80-B3ED-204FF96E34D7} - System32\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-1 => C:\Program Files (x86)\Browseri_Appe 1.2\Browseri_Appe 1.2-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-1.job => C:\Program Files (x86)\Browseri_Appe 1.2\Browseri_Appe 1.2-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-10.job => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-11.job => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-11.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-2.job => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-3.job => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-4.job => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-5.job => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\10cc64ae-f4df-4e12-938c-44450c6161f2-5_user.job => C:\Program Files (x86)\Browseri_Appe 1.2\10cc64ae-f4df-4e12-938c-44450c6161f2-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\e82579e6-16ea-463e-abe3-52eb6fa7996d-4.job => C:\Program Files (x86)\MediaPlayer+\e82579e6-16ea-463e-abe3-52eb6fa7996d-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore1cfa4cfc12c9f45.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-11-15 16:39 - 2014-11-15 16:39 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-11-15 16:39 - 2014-11-15 16:39 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-02-18 11:18 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-11-15 16:40 - 2014-11-15 16:40 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 08:58 - 2014-07-24 08:58 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_010\ashttpbr.mdl
2014-07-24 08:58 - 2014-07-24 08:58 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_010\ashttpdsp.mdl
2014-07-24 08:58 - 2014-07-24 08:58 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_010\ashttpph.mdl
2014-07-24 08:58 - 2014-07-24 08:58 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_010\ashttprbl.mdl
2014-02-18 13:48 - 2013-05-14 10:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-05-28 07:33 - 2014-05-28 07:33 - 00179712 ____N () C:\Program Files (x86)\Re-markit-soft\Re-markitXG171.exe
2014-11-27 07:00 - 2014-11-27 07:01 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-09 06:02 - 2013-07-09 06:02 - 00348384 _____ () C:\Users\Veronika\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
2013-07-09 06:02 - 2013-07-09 06:02 - 00076000 _____ () C:\Users\Veronika\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll
2015-01-05 17:15 - 2015-01-05 17:15 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
2015-01-14 11:07 - 2015-01-14 11:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2014-04-04 14:48 - 2015-01-05 17:41 - 00374840 _____ () C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-12-19 12:30 - 2014-11-26 04:42 - 00612528 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2014-05-28 07:33 - 2014-05-28 07:33 - 00172544 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitXG171.dll
2015-01-19 20:49 - 2015-01-19 12:00 - 00185656 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2015-01-19 20:49 - 2015-01-19 12:00 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-02-18 11:18 - 2014-11-15 16:35 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2015-01-05 17:15 - 2015-01-05 17:15 - 00156792 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\message_center_win8.dll
2013-11-06 12:30 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-01-05 17:15 - 2015-01-05 17:15 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libglesv2.dll
2015-01-05 17:15 - 2015-01-05 17:15 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libegl.dll
2015-01-05 17:15 - 2015-01-05 17:15 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll
2015-01-05 17:15 - 2015-01-05 17:15 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll
2013-11-06 12:07 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-04 14:48 - 2015-01-05 17:41 - 36966968 _____ () C:\Users\Veronika\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-20 08:16 - 2015-01-05 17:41 - 00867896 _____ () C:\Users\Veronika\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-04-04 14:48 - 2015-01-05 17:41 - 00886840 _____ () C:\Users\Veronika\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-04-04 14:48 - 2015-01-05 17:41 - 00108600 _____ () C:\Users\Veronika\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Veronika\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Veronika\Downloads\avira_free_antivirus468_de.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\ccsetup415_slim.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\ChemSketch - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\Defogger.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\Dropbox 2.6.7.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\DTLite4491-0356.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\FRST.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\Opera - CHIP-Installer.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\ReimageRepair.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\winrar-x64-511d (1).exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\winrar-x64-511d.exe:BDU
AlternateDataStreams: C:\Users\Veronika\Downloads\wrar511d.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3265754965-2365759906-3022362222-500 - Administrator - Disabled)
Gast (S-1-5-21-3265754965-2365759906-3022362222-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3265754965-2365759906-3022362222-1005 - Limited - Enabled)
Veronika (S-1-5-21-3265754965-2365759906-3022362222-1001 - Administrator - Enabled) => C:\Users\Veronika

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2015 08:15:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/20/2015 04:03:24 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (01/20/2015 04:03:24 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (01/20/2015 04:03:24 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (01/20/2015 03:58:48 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (01/20/2015 03:58:48 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (01/20/2015 03:58:48 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (01/20/2015 03:24:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 44f4
Startzeit: 01d034bc1422be86
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe
Berichts-ID: 07cc7861-a0b0-11e4-befa-0c54a50fe9cd
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/20/2015 03:07:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1584
Startzeit: 01d034b9ac837c1a
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe
Berichts-ID: a0ff125a-a0ad-11e4-befa-0c54a50fe9cd
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/20/2015 03:05:43 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

System errors:
=============
Error: (01/21/2015 03:09:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (01/21/2015 03:09:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.
Error: (01/21/2015 02:54:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/21/2015 02:54:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht. Error: (01/21/2015 02:29:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/21/2015 02:29:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht. Error: (01/21/2015 02:26:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error: (01/21/2015 02:24:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet. Error: (01/21/2015 02:25:01 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 20.01.2015 um 20:37:41 unerwartet heruntergefahren. 
Error: (01/20/2015 08:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (01/20/2015 08:15:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (01/20/2015 04:03:24 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4 Error: (01/20/2015 04:03:24 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4 Error: (01/20/2015 04:03:24 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4 Error: (01/20/2015 03:58:48 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4 Error: (01/20/2015 03:58:48 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4 Error: (01/20/2015 03:58:48 PM) (Source: SideBySide) (EventID: 72) 
(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4 Error: (01/20/2015 03:24:27 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703144f401d034bc1422be864294967295C:\WINDOWS\syswow64\wwahost.exe07cc7861-a0b0-11e4-befa-0c54a50fe9cdMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (01/20/2015 03:07:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17031158401d034b9ac837c1a4294967295C:\WINDOWS\syswow64\wwahost.exea0ff125a-a0ad-11e4-befa-0c54a50fe9cdMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (01/20/2015 03:05:43 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4 CodeIntegrity Errors: =================================== Date: 2015-01-21 15:10:12.905 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-01-21 15:10:12.835 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2015-01-21 14:55:06.841 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-01-21 14:55:06.757 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-01-21 14:29:26.407 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-01-21 14:29:25.923 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-01-21 14:26:07.866 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-20 20:33:32.691 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2015-01-20 20:25:20.910 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2015-01-20 20:25:20.852 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 70% Total physical RAM: 3978.27 MB Available physical RAM: 1184.07 MB Total Pagefile: 5386.27 MB Available Pagefile: 1458.02 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:396.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: C1DADC72) Partition: GPT Partition Type. ==================== End Of Log ============================ Thanks in advance! |
21.01.2015, 16:47 | #2 |
/// the machine /// TB instructor | Windows 8: Tabs and windows opening by themselves while browsing hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ |
21.01.2015, 18:40 | #3 |
| Windows 8: Tabs and windows opening by themselves while browsing Thank you very much for the prompt reply.
I did everything as requested. Only "YAC" could not be removed with Revo Uninstaller. Here are the files: AdwCleaner Code:
ATTFilter # AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 18:03:31 # Aktualisiert 17/01/2015 von Xplode # Database : 2015-01-18.1 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Veronika - STELLA-LUNA # Gestartet von : C:\Users\Veronika\Downloads\AdwCleaner_4.108.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : iSafeKrnl [#] Dienst Gelöscht : iSafeKrnlBoot Dienst Gelöscht : iSafeKrnlKit Dienst Gelöscht : iSafeKrnlR3 Dienst Gelöscht : iSafeNetFilter [#] Dienst Gelöscht : iSafeService Dienst Gelöscht : iSafeKrnlMon ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer Ordner Gelöscht : C:\Program Files (x86)\predm [!] Ordner Gelöscht : C:\Program Files (x86)\Elex-tech Ordner Gelöscht : C:\Users\Veronika\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Veronika\AppData\LocalLow\Smartbar Ordner Gelöscht : C:\Users\Veronika\AppData\Roaming\Activeris [!] Ordner Gelöscht : C:\Users\Veronika\AppData\Roaming\Elex-tech Ordner Gelöscht : C:\Users\Veronika\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Veronika\Documents\PC Speed Maximizer Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Datei Gelöscht : C:\WINDOWS\Reimage.ini Datei Gelöscht : C:\WINDOWS\System32\drivers\iSafeKrnlBoot.sys Datei Gelöscht : C:\WINDOWS\System32\log\iSafeKrnlCall.log Datei Gelöscht : C:\Users\Veronika\AppData\Local\AnyProtectScannerSetup.exe Datei Gelöscht : C:\Users\Veronika\AppData\Roaming\aps.uninstall.scan.results Datei Gelöscht : C:\Users\Veronika\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Veronika\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Veronika\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage 
Datei Gelöscht : C:\Users\Veronika\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : APSnotifierPP1 Task Gelöscht : APSnotifierPP2 Task Gelöscht : APSnotifierPP3 Task Gelöscht : globalUpdateUpdateTaskMachineCore Task Gelöscht : globalUpdateUpdateTaskMachineUA Task Gelöscht : Optimizer Pro Schedule ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0A3C1416-902A-AAF1-C224-9A1F011F526B}] Schlüssel Gelöscht : HKCU\Software\Classes\pokki Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} Schlüssel Gelöscht : HKCU\Software\AnyProtect Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\pc speed maximizer Schlüssel Gelöscht : HKCU\Software\V9 Schlüssel Gelöscht : HKCU\Software\Reimage Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials Schlüssel Gelöscht : HKLM\SOFTWARE\V9 Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v32.0.3 (x86 de) [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJfi34pxlNMfCUYt0[...] [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?type=hp&ts=1418988624&from=wpm12173&uid=WDCXWD5000LPVX-22V0TT0_WD-WX31AA3F5504F5504"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ac99f2e2ce43b45cba50fb10bac2f33c1a4314fc71c014fda8022f0e9bd0cb09fcom58024.58024.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] 
[ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "146418c34579f3dd98ef6d4d2f35218c"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 12); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1402420320818"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "144083"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "snapdott"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".search.yahoo.com\\\\\\/yhs\\\\\\/search?hspart=lkry\\\",\\\"www.only-apart[...] 
[ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "true"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installationid", "c9ed380f-5a38-d2fc-161b-28785bf22c59"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installdate", "28/05/2014"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1402593120"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1406103330236"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.publisher", "snapdott"); [ojlpsrga.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc55gJ3fYldFkmgKyevsA_fRlSQrTQILblivBUbltj24y8GfweQQcn2fQczIo3TPzJ2anLLOqqibPfo1MqdotoVx[...] -\\ Opera v26.0.1656.60 ************************* AdwCleaner[R0].txt - [14297 octets] - [21/01/2015 18:00:38] AdwCleaner[S0].txt - [13880 octets] - [21/01/2015 18:03:31] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13941 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 8.1 x64 Ran by Veronika on 21.01.2015 at 18:14:58,08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [Service] isafekrnl Failed to stop: [Service] isafekrnlkit Successfully stopped: [Service] isafekrnlr3 Successfully deleted: [Service] isafekrnlr3 Failed to stop: [Service] isafenetfilter Failed to stop: [Service] isafeservice ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Veronika\AppData\Roaming\elex-tech" Failed to delete: [Folder] "C:\Program Files (x86)\elex-tech" ~~~ FireFox Emptied folder: C:\Users\Veronika\AppData\Roaming\mozilla\firefox\profiles\ojlpsrga.default\minidumps [7 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.01.2015 at 18:20:57,88 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Veronika (administrator) on STELLA-LUNA on 21-01-2015 18:21:57 Running from C:\Users\Veronika\Downloads Loaded Profiles: Veronika (Available profiles: Veronika) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe 
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Spotify Ltd) C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) 
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-15] (Bitdefender) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications)) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Spotify Web Helper] => C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-05] (Spotify Ltd) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\MountPoints2: {716c4ab2-9bfe-11e4-befa-0c54a50fe9cd} - "F:\ChemBioOfficeUltra.exe" HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-3265754965-2365759906-3022362222-1001] => Internet Explorer proxy is enabled. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> {2A9193A0-425C-40ED-B9D2-AE5878369F5C} URL = BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default FF Plugin: @adobe.com/FlashPlayer -> 
C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-maps.xml FF Extension: Snap.Do - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{c9ed380f-5a38-d2fc-161b-28785bf22c59} [2014-07-07] FF Extension: Cliqz Beta - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\cliqz@cliqz.com.xpi [2014-09-19] FF Extension: Adblock Plus - 
C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-04] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-18] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-18] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files (x86)\Re-markit-soft\171.xpi [Not Found] FF Extension: No Name - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\extensions\c99f2e2c-e43b-45cb-a50f-b10bac2f33c1@a4314fc7-1c01-4fda-8022-f0e9bd0cb09f.com [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-15] (Bitdefender) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] () R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-15] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-15] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-15] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-15] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-15] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-28] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-20] (Disc Soft Ltd) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) U1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-19] (Elex do Brasil Participações Ltda) U1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-19] (Elex do Brasil Participações Ltda) U1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation) R3 
MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-15] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 18:20 - 2015-01-21 18:20 - 00001285 _____ () C:\Users\Veronika\Desktop\JRT.txt 2015-01-21 18:15 - 2015-01-21 18:15 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan 2015-01-21 18:14 - 2015-01-21 18:14 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-21 18:13 - 2015-01-21 18:13 - 01707939 _____ (Thisisu) C:\Users\Veronika\Downloads\JRT.exe 2015-01-21 18:09 - 2015-01-21 18:09 - 00014070 _____ () C:\Users\Veronika\Desktop\AdwCleaner.txt 2015-01-21 18:00 - 2015-01-21 18:08 - 00000000 ____D () C:\AdwCleaner 2015-01-21 17:53 - 2015-01-21 17:59 - 00237123 _____ () C:\Users\Veronika\Desktop\mbam.txt 2015-01-21 17:29 - 2015-01-21 17:29 - 02186752 _____ () C:\Users\Veronika\Downloads\AdwCleaner_4.108.exe 2015-01-21 17:28 - 2015-01-21 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-21 17:27 - 2015-01-21 17:27 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\Program Files (x86)\ 
Malwarebytes Anti-Malware 2015-01-21 17:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-21 17:27 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-21 17:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-21 17:16 - 2015-01-21 17:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Veronika\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-21 17:10 - 2015-01-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2015-01-21 16:53 - 2015-01-21 16:53 - 00001288 _____ () C:\Users\Veronika\Desktop\Revo Uninstaller.lnk 2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-21 16:52 - 2015-01-21 16:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Veronika\Downloads\revosetup95.exe 2015-01-21 16:14 - 2015-01-21 16:38 - 00000000 ____D () C:\ProgramData\Avira 2015-01-21 15:26 - 2015-01-21 15:26 - 00380416 _____ () C:\Users\Veronika\Desktop\023hw3qj.exe 2015-01-21 15:24 - 2015-01-21 15:24 - 00039889 _____ () C:\Users\Veronika\Desktop\Addition.txt 2015-01-21 15:23 - 2015-01-21 15:23 - 00039276 _____ () C:\Users\Veronika\Desktop\FRST.txt 2015-01-21 15:22 - 2015-01-21 15:22 - 00039889 _____ () C:\Users\Veronika\Downloads\Addition.txt 2015-01-21 15:21 - 2015-01-21 18:21 - 00017772 _____ () C:\Users\Veronika\Downloads\FRST.txt 2015-01-21 15:20 - 2015-01-21 18:22 - 00000000 ____D () C:\FRST 2015-01-21 15:20 - 2015-01-21 15:20 - 02126848 _____ (Farbar) C:\Users\Veronika\Downloads\FRST64.exe 2015-01-21 15:19 - 2015-01-21 15:19 - 01118208 _____ (Farbar) C:\Users\Veronika\Downloads\FRST.exe 2015-01-21 15:15 - 2015-01-21 15:16 - 00000478 _____ () C:\Users\Veronika\Downloads\defogger_disable.log 2015-01-21 15:15 - 2015-01-21 15:15 - 00050477 _____ () C:\Users\Veronika\Downloads\Defogger.exe 2015-01-21 15:15 - 2015-01-21 15:15 - 
00000000 _____ () C:\Users\Veronika\defogger_reenable 2015-01-21 14:50 - 2015-01-21 15:10 - 154051656 _____ () C:\Users\Veronika\Downloads\avira_free_antivirus468_de.exe 2015-01-21 14:23 - 2015-01-21 18:05 - 02266784 _____ () C:\WINDOWS\PFRO.log 2015-01-20 17:03 - 2015-01-20 17:03 - 00818963 _____ () C:\Users\Veronika\Desktop\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-20 14:02 - 00000750 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log 2015-01-20 13:49 - 2015-01-20 13:49 - 00815770 _____ () C:\Users\Veronika\Downloads\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-20 13:49 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Microsoft_Corporation 2015-01-20 13:46 - 2015-01-20 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemBioOffice 2012 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\ProgramData\CambridgeSoft 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\Program Files (x86)\CambridgeSoft 2015-01-20 13:42 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Origin Pro 8.0 2015-01-20 13:41 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Mestrelab.Mnova.Suite.v6.0.2-iNViSiBLE 2015-01-20 13:40 - 2015-01-20 13:40 - 00001970 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2015-01-20 13:40 - 2015-01-20 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-01-20 13:39 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\DAEMON Tools Lite 2015-01-20 13:39 - 2015-01-20 13:39 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys 2015-01-20 13:39 - 2015-01-20 13:39 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:42 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:41 - 00000000 ____D () C:\Users\Veronika\Desktop\CambridgeSoft.ChemBioOffice.Ultra.v13.0.Suite-REMEDY 2015-01-19 20:49 - 2015-01-21 18:04 - 
00000000 ____D () C:\WINDOWS\system32\log 2015-01-19 20:49 - 2015-01-19 20:49 - 00000000 ____D () C:\Program Files (x86)\Elex-tech 2015-01-19 20:49 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys 2015-01-14 14:06 - 2015-01-21 18:06 - 00001410 _____ () C:\WINDOWS\setupact.log 2015-01-14 14:06 - 2015-01-14 14:06 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-14 13:44 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 13:44 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 13:44 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 13:44 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 13:44 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 13:44 - 2014-12-06 
02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 13:44 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 13:44 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 13:44 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 13:44 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-13 17:30 - 2015-01-13 17:30 - 00043008 _____ () C:\Users\Veronika\Downloads\Personalbogen Studenten (2).xls 2015-01-13 17:21 - 
2015-01-13 17:21 - 00043008 _____ () C:\Users\Veronika\Downloads\Personalbogen Studenten.xls 2015-01-13 17:21 - 2015-01-13 17:21 - 00043008 _____ () C:\Users\Veronika\Downloads\Personalbogen Studenten (1).xls 2015-01-04 13:58 - 2015-01-04 13:58 - 00000000 __SHD () C:\Users\Veronika\AppData\Local\EmieBrowserModeList 2015-01-04 13:47 - 2015-01-04 13:47 - 00000000 ____D () C:\ProgramData\Advanced Chemistry Development 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLabs Freeware 2012 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ACD2012FREE 2015-01-04 13:45 - 2015-01-04 13:47 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Advanced Chemistry Development 2015-01-04 13:37 - 2015-01-04 13:37 - 01174352 _____ () C:\Users\Veronika\Downloads\ChemSketch - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 18:22 - 2014-02-18 10:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3265754965-2365759906-3022362222-1001 2015-01-21 18:08 - 2014-02-25 20:24 - 00000000 ___DO () C:\Users\Veronika\SkyDrive 2015-01-21 18:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-21 18:05 - 2014-02-25 20:02 - 01537121 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-21 18:05 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-21 18:03 - 2014-08-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-21 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-21 17:53 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Spotify 2015-01-21 17:28 - 2014-02-18 14:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-21 17:23 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-21 17:11 - 2013-11-06 12:26 - 00000000 ____D () 
C:\ProgramData\Norton 2015-01-21 16:58 - 2014-02-18 09:56 - 00000000 ____D () C:\ProgramData\Pokki 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\ProgramData\Acer 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\Program Files (x86)\Acer 2015-01-21 15:38 - 2013-11-06 12:27 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-01-21 15:15 - 2014-02-25 19:49 - 00000000 ____D () C:\Users\Veronika 2015-01-21 14:48 - 2014-11-06 10:31 - 00012246 _____ () C:\WINDOWS\system32\ScanResults.xml 2015-01-21 14:44 - 2014-11-06 10:26 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings 2015-01-21 14:35 - 2014-05-28 08:31 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACFCB07E-2BB8-47DB-B19A-853A63D15CAB} 2015-01-21 14:25 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-20 13:49 - 2014-04-09 13:44 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Deployment 2015-01-20 13:43 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-20 13:43 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-20 13:43 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-19 17:18 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Spotify 2015-01-14 16:55 - 2014-02-18 13:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-01-14 13:53 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-14 13:52 - 2014-02-18 12:29 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 13:50 - 2014-02-18 12:29 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 20:28 - 2014-02-18 14:15 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-12 18:12 - 2014-02-25 19:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-01-09 15:42 - 2014-04-13 09:38 - 
00000000 ____D () C:\Users\Veronika\Documents\UNI 2015-01-06 01:08 - 2014-09-14 23:07 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2014-09-14 23:07 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 17:34 - 2014-02-23 17:06 - 00000000 ___HD () C:\ProgramData\CanonIJMIG 2015-01-05 17:15 - 2014-08-05 10:10 - 00003858 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1407229816 2015-01-05 17:15 - 2014-08-05 10:10 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk ==================== Files in the root of some directories ======= 2015-01-20 13:49 - 2015-01-20 14:02 - 0000750 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log 2014-02-18 11:24 - 2014-02-18 11:24 - 0898720 _____ () C:\ProgramData\1392717425.bdinstall.bin Some content of TEMP: ==================== C:\Users\Veronika\AppData\Local\Temp\avgnt.exe C:\Users\Veronika\AppData\Local\Temp\Quarantine.exe C:\Users\Veronika\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-20 14:17

==================== End Of Log ============================

--- --- ---

Unfortunately, the file mbam.txt is too long and also too large to upload. Should I convert it? |
22.01.2015, 12:54 | #4 |
/// the machine /// TB trainer | Windows 8: Tabs and windows opening on their own while browsing
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations, Guides and Help, Trojaner-Board Facebook page
No help via PM! |
23.01.2015, 06:28 | #5 |
| Windows 8: Tabs and windows opening on their own while browsing
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ad2e71ead07ed84b899d69a06436c39f
# engine=22097
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-22 05:34:54
# local_time=2015-01-22 06:34:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2063 16777213 66 100 10305 100657054 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5304289 46829387 0 0
# scanned=244758
# found=5
# cleaned=0
# scan_time=5994
sh=CED05266ECDC6547AFB0B18E7AB4DBCCA5535FB9 ft=1 fh=2791e6518558f99b vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=5524BAAC03BF1A3485D08A96752801F56D36434C ft=1 fh=9e044c13dcecd7b5 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Veronika\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=7C484F6A50DC70EFC423A48B179071463DB6D61C ft=1 fh=056fa29c70a79e20 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Veronika\Downloads\ChemSketch - CHIP-Installer.exe"
sh=A349EB3BA50F31A5EF9A68C9276F4B4D7F90B6EE ft=1 fh=1e483cc37221002e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Veronika\Downloads\Opera - CHIP-Installer.exe"
sh=4D70C6D8A952A4236EBF5D956F3B8ACAC8FA88CF ft=1 fh=04b9660042a8baf7 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Veronika\Downloads\ReimageRepair.exe"

Code:
Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Bitdefender Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
YAC(Yet Another Cleaner!)
Adobe Flash Player 16.0.0.257
Mozilla Firefox 32.0.3 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Bitdefender Bitdefender vsserv.exe
Bitdefender Bitdefender updatesrv.exe
Bitdefender Bitdefender bdagent.exe
Bitdefender Bitdefender pmbxag.exe
Bitdefender Bitdefender antispam32 bdapppassmgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Veronika (administrator) on STELLA-LUNA on 22-01-2015 18:51:01 Running from C:\Users\Veronika\Downloads\Programme Trojaner Loaded Profiles: Veronika (Available profiles: Veronika) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Acer 
Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Spotify Ltd) C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) 
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-15] (Bitdefender) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications)) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Spotify Web Helper] => C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-05] (Spotify Ltd) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\MountPoints2: {716c4ab2-9bfe-11e4-befa-0c54a50fe9cd} - "F:\ChemBioOfficeUltra.exe" HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-3265754965-2365759906-3022362222-1001] => Internet Explorer proxy is enabled. 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> {2A9193A0-425C-40ED-B9D2-AE5878369F5C} URL = BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default FF Plugin: @adobe.com/FlashPlayer -> 
C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-maps.xml FF Extension: Snap.Do - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{c9ed380f-5a38-d2fc-161b-28785bf22c59} [2014-07-07] FF Extension: Cliqz Beta - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\cliqz@cliqz.com.xpi [2014-09-19] FF Extension: Adblock Plus - 
C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-04] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-18] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-18] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files (x86)\Re-markit-soft\171.xpi [Not Found] FF Extension: No Name - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\extensions\c99f2e2c-e43b-45cb-a50f-b10bac2f33c1@a4314fc7-1c01-4fda-8022-f0e9bd0cb09f.com [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-15] (Bitdefender) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] () R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-15] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-15] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-15] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-15] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-15] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-28] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-20] (Disc Soft Ltd) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-19] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 
MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-15] (BitDefender S.R.L.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-22 18:45 - 2015-01-22 18:45 - 00852504 _____ () C:\Users\Veronika\Downloads\SecurityCheck.exe 2015-01-22 16:43 - 2015-01-22 16:43 - 02347384 _____ (ESET) C:\Users\Veronika\Downloads\esetsmartinstaller_deu.exe 2015-01-22 16:43 - 2015-01-22 16:43 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-22 16:41 - 2015-01-22 16:41 - 00001592 _____ () C:\WINDOWS\setupact.log 2015-01-22 16:41 - 2015-01-22 16:41 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-21 19:41 - 2015-01-22 18:51 - 00000000 ____D () C:\Users\Veronika\Downloads\Programme Trojaner 2015-01-21 19:34 - 2015-01-21 19:34 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Elex-tech 2015-01-21 18:20 - 2015-01-21 18:20 - 00001285 _____ () C:\Users\Veronika\Desktop\JRT.txt 2015-01-21 18:15 - 2015-01-21 18:15 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan 2015-01-21 18:14 - 2015-01-21 18:14 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-21 18:09 - 2015-01-21 18:09 - 00014070 _____ () C:\Users\Veronika\Desktop\AdwCleaner.txt 2015-01-21 18:00 - 2015-01-21 18:08 - 00000000 ____D () C:\AdwCleaner 2015-01-21 17:53 - 2015-01-21 17:59 - 00237123 _____ () 
C:\Users\Veronika\Desktop\mbam.txt 2015-01-21 17:28 - 2015-01-22 17:08 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-21 17:27 - 2015-01-21 17:27 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-21 17:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-21 17:27 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-21 17:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-21 17:10 - 2015-01-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2015-01-21 16:53 - 2015-01-21 16:53 - 00001288 _____ () C:\Users\Veronika\Desktop\Revo Uninstaller.lnk 2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-21 16:52 - 2015-01-21 16:52 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Veronika\Downloads\revosetup95.exe 2015-01-21 16:14 - 2015-01-21 16:38 - 00000000 ____D () C:\ProgramData\Avira 2015-01-21 15:26 - 2015-01-21 15:26 - 00380416 _____ () C:\Users\Veronika\Desktop\023hw3qj.exe 2015-01-21 15:24 - 2015-01-21 15:24 - 00039889 _____ () C:\Users\Veronika\Desktop\Addition.txt 2015-01-21 15:23 - 2015-01-21 18:23 - 00033420 _____ () C:\Users\Veronika\Desktop\FRST.txt 2015-01-21 15:20 - 2015-01-22 18:51 - 00000000 ____D () C:\FRST 2015-01-21 15:15 - 2015-01-21 15:15 - 00000000 _____ () C:\Users\Veronika\defogger_reenable 2015-01-20 17:03 - 2015-01-20 17:03 - 00818963 _____ () C:\Users\Veronika\Desktop\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-20 14:02 - 00000750 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log 2015-01-20 13:49 - 2015-01-20 13:49 - 00815770 _____ () C:\Users\Veronika\Downloads\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-20 13:49 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Microsoft_Corporation 2015-01-20 13:46 - 2015-01-20 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemBioOffice 2012 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\ProgramData\CambridgeSoft 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\Program Files (x86)\CambridgeSoft 2015-01-20 13:42 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Origin Pro 8.0 2015-01-20 13:41 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Mestrelab.Mnova.Suite.v6.0.2-iNViSiBLE 2015-01-20 13:40 - 2015-01-20 13:40 - 00001970 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2015-01-20 13:40 - 2015-01-20 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-01-20 13:39 - 2015-01-22 07:31 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\DAEMON Tools Lite 2015-01-20 13:39 - 2015-01-20 13:39 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys 2015-01-20 13:39 - 2015-01-20 13:39 - 00000000 ____D 
() C:\Program Files (x86)\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:42 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:41 - 00000000 ____D () C:\Users\Veronika\Desktop\CambridgeSoft.ChemBioOffice.Ultra.v13.0.Suite-REMEDY 2015-01-19 20:49 - 2015-01-21 18:04 - 00000000 ____D () C:\WINDOWS\system32\log 2015-01-19 20:49 - 2015-01-19 20:49 - 00000000 ____D () C:\Program Files (x86)\Elex-tech 2015-01-19 20:49 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys 2015-01-14 13:44 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 13:44 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 13:44 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 13:44 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ncsi.dll 2015-01-14 13:44 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 13:44 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 13:44 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 13:44 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 13:44 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 13:44 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-04 13:58 - 2015-01-04 13:58 - 00000000 __SHD () C:\Users\Veronika\AppData\Local\EmieBrowserModeList 2015-01-04 13:47 - 2015-01-04 13:47 - 00000000 ____D () C:\ProgramData\Advanced Chemistry Development 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLabs Freeware 2012 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ACD2012FREE 2015-01-04 13:45 - 2015-01-04 13:47 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Advanced Chemistry Development 2015-01-04 13:37 - 2015-01-04 13:37 - 01174352 _____ () C:\Users\Veronika\Downloads\ChemSketch - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-22 18:28 - 2014-02-18 14:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-22 18:06 - 2014-02-25 20:02 - 01816878 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-22 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-22 17:18 - 2014-08-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-22 16:43 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-22 16:43 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-22 16:43 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-22 14:43 - 2014-05-28 08:31 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACFCB07E-2BB8-47DB-B19A-853A63D15CAB} 2015-01-22 14:40 - 2014-02-25 20:24 - 00000000 __RDO () C:\Users\Veronika\SkyDrive 2015-01-22 07:30 - 2014-05-28 07:37 - 00000000 ____D () C:\Users\Veronika\AppData\Local\com 2015-01-21 19:45 - 2014-04-13 09:38 - 00000000 ____D () C:\Users\Veronika\Documents\UNI 2015-01-21 19:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-21 19:30 - 2013-08-22 14:25 - 00262144 ___SH () 
C:\WINDOWS\system32\config\BBI 2015-01-21 19:16 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Spotify 2015-01-21 18:45 - 2014-02-18 10:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3265754965-2365759906-3022362222-1001 2015-01-21 17:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-21 17:11 - 2013-11-06 12:26 - 00000000 ____D () C:\ProgramData\Norton 2015-01-21 16:58 - 2014-02-18 09:56 - 00000000 ____D () C:\ProgramData\Pokki 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\ProgramData\Acer 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\Program Files (x86)\Acer 2015-01-21 15:38 - 2013-11-06 12:27 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-01-21 15:15 - 2014-02-25 19:49 - 00000000 ____D () C:\Users\Veronika 2015-01-21 14:48 - 2014-11-06 10:31 - 00012246 _____ () C:\WINDOWS\system32\ScanResults.xml 2015-01-21 14:44 - 2014-11-06 10:26 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings 2015-01-21 14:25 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-20 13:49 - 2014-04-09 13:44 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Deployment 2015-01-19 17:18 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Spotify 2015-01-14 16:55 - 2014-02-18 13:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-01-14 13:53 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-14 13:52 - 2014-02-18 12:29 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 13:50 - 2014-02-18 12:29 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 20:28 - 2014-02-18 14:15 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-12 18:12 - 2014-02-25 19:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-01-06 01:08 - 2014-09-14 23:07 
- 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2014-09-14 23:07 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 17:34 - 2014-02-23 17:06 - 00000000 ___HD () C:\ProgramData\CanonIJMIG 2015-01-05 17:15 - 2014-08-05 10:10 - 00003858 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1407229816 2015-01-05 17:15 - 2014-08-05 10:10 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk ==================== Files in the root of some directories ======= 2015-01-20 13:49 - 2015-01-20 14:02 - 0000750 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log 2014-02-18 11:24 - 2014-02-18 11:24 - 0898720 _____ () C:\ProgramData\1392717425.bdinstall.bin Some content of TEMP: ==================== C:\Users\Veronika\AppData\Local\Temp\Quarantine.exe C:\Users\Veronika\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-20 14:17
==================== End Of Log ============================
--- --- ---
The problems I complained about have disappeared. Thank you very, very much! |
23.01.2015, 12:40 | #6 |
/// the machine /// TB trainer | Windows 8: Tabs and windows open by themselves while browsing
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: [S-1-5-21-3265754965-2365759906-3022362222-1001] => Internet Explorer proxy is enabled.
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
C:\Program Files (x86)\Elex-tech
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ --> Windows 8: Tabs and windows open by themselves while browsing |
26.01.2015, 12:23 | #7 |
| Windows 8: Tabs and windows open by themselves while browsing FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Veronika (administrator) on STELLA-LUNA on 26-01-2015 12:16:57 Running from C:\Users\Veronika\Downloads\Programme Trojaner Loaded Profiles: Veronika (Available profiles: Veronika) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (Acer 
Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Spotify Ltd) C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (CANON INC.) 
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [661400 2012-11-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1754424 2014-11-15] (Bitdefender) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications)) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Run: [Spotify Web Helper] => C:\Users\Veronika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-05] (Spotify Ltd) HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\MountPoints2: {716c4ab2-9bfe-11e4-befa-0c54a50fe9cd} - "F:\ChemBioOfficeUltra.exe" HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-11-15] (Bitdefender) HKU\S-1-5-18\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-11-15] (Bitdefender) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> {2A9193A0-425C-40ED-B9D2-AE5878369F5C} URL = SearchScopes: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1421990769&from=zbd1&uid=wdcxwd5000lpvx-22v0tt0_wd-wx31aa3f5504f5504&q={searchTerms} BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3265754965-2365759906-3022362222-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Tcpip\Parameters: [DhcpNameServer] 141.35.1.16 141.35.1.80 FireFox: ======== FF ProfilePath: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default FF DefaultSearchEngine: V9 FF SearchEngineOrder.1: V9 FF SelectedSearchEngine: V9 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF 
Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\searchplugins\V9.xml FF Extension: Snap.Do - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{c9ed380f-5a38-d2fc-161b-28785bf22c59} [2014-07-07] FF Extension: Cliqz Beta - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\cliqz@cliqz.com.xpi [2014-09-19] FF Extension: Adblock Plus - 
C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-04] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-02-18] FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-02-18] FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext FF HKU\S-1-5-21-3265754965-2365759906-3022362222-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files (x86)\Re-markit-soft\171.xpi [Not Found] FF Extension: No Name - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ojlpsrga.default\extensions\c99f2e2c-e43b-45cb-a50f-b10bac2f33c1@a4314fc7-1c01-4fda-8022-f0e9bd0cb09f.com [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-03] Opera: ======= OPR Extension: (Adblock Plus) - C:\Users\Veronika\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-08-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-11-15] (Bitdefender) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-11-15] (Bitdefender) R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1536624 2014-11-15] (Bitdefender) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-11-15] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-11-15] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-11-15] (BitDefender) S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender) R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-05-28] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC) S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-20] (Disc Soft Ltd) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-11-15] (BitDefender S.R.L.) 
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X] R1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X] R1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-26 12:17 - 2015-01-26 12:17 - 00000165 ____H () C:\Users\Veronika\Desktop\~$VB-15-1.xlsx 2015-01-26 11:03 - 2015-01-26 11:03 - 00000000 ____D () C:\WINDOWS\LastGood 2015-01-26 11:01 - 2015-01-26 11:01 - 00457712 _____ () C:\WINDOWS\PFRO.log 2015-01-26 10:51 - 2015-01-26 10:51 - 00819000 _____ () C:\Users\Veronika\Desktop\VB-15-1.xlsx 2015-01-22 18:45 - 2015-01-22 18:45 - 00852504 _____ () C:\Users\Veronika\Downloads\SecurityCheck.exe 2015-01-22 16:43 - 2015-01-22 16:43 - 02347384 _____ (ESET) C:\Users\Veronika\Downloads\esetsmartinstaller_deu.exe 2015-01-22 16:41 - 2015-01-26 11:03 - 00002170 _____ () C:\WINDOWS\setupact.log 2015-01-22 16:41 - 2015-01-22 16:41 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-21 19:41 - 2015-01-26 12:16 - 00000000 ____D () C:\Users\Veronika\Downloads\Programme Trojaner 2015-01-21 19:34 - 2015-01-21 19:34 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Elex-tech 2015-01-21 18:20 - 2015-01-21 18:20 - 00001285 _____ () C:\Users\Veronika\Desktop\JRT.txt 2015-01-21 18:15 - 2015-01-21 18:15 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Auto-Scan 2015-01-21 18:14 - 2015-01-21 18:14 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-21 18:09 - 2015-01-21 18:09 - 00014070 _____ () C:\Users\Veronika\Desktop\AdwCleaner.txt 2015-01-21 18:00 - 2015-01-21 18:08 - 
00000000 ____D () C:\AdwCleaner 2015-01-21 17:53 - 2015-01-21 17:59 - 00237123 _____ () C:\Users\Veronika\Desktop\mbam.txt 2015-01-21 17:28 - 2015-01-26 12:15 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-21 17:27 - 2015-01-21 17:27 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-21 17:27 - 2015-01-21 17:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-21 17:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-21 17:27 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-21 17:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-21 17:10 - 2015-01-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2015-01-21 16:53 - 2015-01-21 16:53 - 00001288 _____ () C:\Users\Veronika\Desktop\Revo Uninstaller.lnk 2015-01-21 16:53 - 2015-01-21 16:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-21 16:52 - 2015-01-21 16:52 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Veronika\Downloads\revosetup95.exe 2015-01-21 16:14 - 2015-01-21 16:38 - 00000000 ____D () C:\ProgramData\Avira 2015-01-21 15:26 - 2015-01-21 15:26 - 00380416 _____ () C:\Users\Veronika\Desktop\023hw3qj.exe 2015-01-21 15:24 - 2015-01-21 15:24 - 00039889 _____ () C:\Users\Veronika\Desktop\Addition.txt 2015-01-21 15:23 - 2015-01-21 18:23 - 00033420 _____ () C:\Users\Veronika\Desktop\FRST.txt 2015-01-21 15:20 - 2015-01-26 12:16 - 00000000 ____D () C:\FRST 2015-01-21 15:15 - 2015-01-21 15:15 - 00000000 _____ () C:\Users\Veronika\defogger_reenable 2015-01-20 17:03 - 2015-01-20 17:03 - 00818963 _____ () C:\Users\Veronika\Desktop\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-26 12:17 - 00002560 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log 2015-01-20 13:49 - 2015-01-20 13:49 - 00815770 _____ () C:\Users\Veronika\Downloads\SS-P15-4.xlsx 2015-01-20 13:49 - 2015-01-20 13:49 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Microsoft_Corporation 2015-01-20 13:46 - 2015-01-20 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemBioOffice 2012 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\ProgramData\CambridgeSoft 2015-01-20 13:45 - 2015-01-20 13:45 - 00000000 ____D () C:\Program Files (x86)\CambridgeSoft 2015-01-20 13:42 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Origin Pro 8.0 2015-01-20 13:41 - 2015-01-20 13:42 - 00000000 ____D () C:\Users\Veronika\Desktop\Mestrelab.Mnova.Suite.v6.0.2-iNViSiBLE 2015-01-20 13:40 - 2015-01-20 13:40 - 00001970 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2015-01-20 13:40 - 2015-01-20 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-01-20 13:39 - 2015-01-22 07:31 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\DAEMON Tools Lite 2015-01-20 13:39 - 2015-01-20 13:39 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys 2015-01-20 13:39 - 2015-01-20 13:39 - 00000000 ____D 
() C:\Program Files (x86)\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:42 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-01-20 13:38 - 2015-01-20 13:41 - 00000000 ____D () C:\Users\Veronika\Desktop\CambridgeSoft.ChemBioOffice.Ultra.v13.0.Suite-REMEDY 2015-01-19 20:49 - 2015-01-21 18:04 - 00000000 ____D () C:\WINDOWS\system32\log 2015-01-19 20:49 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys 2015-01-14 13:44 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 13:44 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 13:44 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 13:44 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 13:44 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 13:44 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 13:44 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\nlasvc.dll 2015-01-14 13:44 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 13:44 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 13:44 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 13:44 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 13:44 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 13:44 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 13:44 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 13:44 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 13:44 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 13:44 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-04 13:58 - 2015-01-04 13:58 - 00000000 __SHD () 
C:\Users\Veronika\AppData\Local\EmieBrowserModeList 2015-01-04 13:47 - 2015-01-04 13:47 - 00000000 ____D () C:\ProgramData\Advanced Chemistry Development 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLabs Freeware 2012 2015-01-04 13:46 - 2015-01-04 13:46 - 00000000 ____D () C:\ACD2012FREE 2015-01-04 13:45 - 2015-01-04 13:47 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Advanced Chemistry Development 2015-01-04 13:37 - 2015-01-04 13:37 - 01174352 _____ () C:\Users\Veronika\Downloads\ChemSketch - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-26 12:17 - 2014-04-09 13:44 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Deployment 2015-01-26 12:16 - 2014-02-25 20:24 - 00000000 ___DO () C:\Users\Veronika\SkyDrive 2015-01-26 12:15 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-26 11:11 - 2014-08-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-01-26 11:10 - 2014-02-25 20:02 - 01063926 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-26 11:03 - 2014-05-28 07:33 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-26 11:03 - 2014-02-25 19:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-01-26 11:02 - 2014-02-18 14:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-26 11:02 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-26 11:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-26 10:58 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-01-26 10:28 - 2014-02-18 14:15 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-26 10:28 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-26 10:19 - 2014-05-28 08:31 - 00003954 _____ () 
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACFCB07E-2BB8-47DB-B19A-853A63D15CAB} 2015-01-22 20:03 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Roaming\Spotify 2015-01-22 18:53 - 2014-02-18 14:07 - 00000000 ____D () C:\Users\Veronika\AppData\Local\Spotify 2015-01-22 16:43 - 2013-11-14 08:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-22 16:43 - 2013-11-14 08:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-22 16:43 - 2013-11-14 08:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-22 07:30 - 2014-05-28 07:37 - 00000000 ____D () C:\Users\Veronika\AppData\Local\com 2015-01-21 19:45 - 2014-04-13 09:38 - 00000000 ____D () C:\Users\Veronika\Documents\UNI 2015-01-21 18:45 - 2014-02-18 10:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3265754965-2365759906-3022362222-1001 2015-01-21 17:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-21 17:11 - 2013-11-06 12:26 - 00000000 ____D () C:\ProgramData\Norton 2015-01-21 16:58 - 2014-02-18 09:56 - 00000000 ____D () C:\ProgramData\Pokki 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\ProgramData\Acer 2015-01-21 16:54 - 2013-10-14 10:39 - 00000000 ____D () C:\Program Files (x86)\Acer 2015-01-21 15:38 - 2013-11-06 12:27 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-01-21 15:15 - 2014-02-25 19:49 - 00000000 ____D () C:\Users\Veronika 2015-01-21 14:48 - 2014-11-06 10:31 - 00012246 _____ () C:\WINDOWS\system32\ScanResults.xml 2015-01-21 14:44 - 2014-11-06 10:26 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings 2015-01-21 14:25 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-19 22:32 - 2014-09-14 23:07 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-19 22:32 - 2014-09-14 
23:07 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-14 16:55 - 2014-02-18 13:37 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2015-01-14 13:52 - 2014-02-18 12:29 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 13:50 - 2014-02-18 12:29 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-05 17:34 - 2014-02-23 17:06 - 00000000 ___HD () C:\ProgramData\CanonIJMIG 2015-01-05 17:15 - 2014-08-05 10:10 - 00003858 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1407229816 2015-01-05 17:15 - 2014-08-05 10:10 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk ==================== Files in the root of some directories ======= 2015-01-20 13:49 - 2015-01-26 12:17 - 0002560 _____ () C:\Users\Veronika\AppData\Local\CDXLExtendedShim.log 2014-02-18 11:24 - 2014-02-18 11:24 - 0898720 _____ () C:\ProgramData\1392717425.bdinstall.bin ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-20 14:17 ==================== End Of Log ============================ The file for the Fixlog is again too long and too large for the attachment. |
26.01.2015, 18:06 | #8 |
/// the machine /// TB-Ausbilder | Windows 8: Tabs and windows opening by themselves while browsing Never mind, that's fine. I can see it in the new log. Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.01.2015, 14:50 | #9 |
| Windows 8: Tabs and windows opening by themselves while browsing Everything works again, exactly as it should! Thank you very, very much for rescuing my PC |
27.01.2015, 20:15 | #10 |
/// the machine /// TB-Ausbilder | Windows 8: Tabs and windows opening by themselves while browsing You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |