Log analysis and evaluation: Firefox wrong start page homepage-web.com/?s=acer&m=tab
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.02.2015, 14:01 | #1 |
| Firefox wrong start page homepage-web.com/?s=acer&m=tab
Since yesterday, Firefox has been showing homepage-web.com/?s=acer&m=tab as the start page and in new tabs. At first I thought Microsoft had now switched to Bing or Yahoo in Germany as well. mbam gives me one hit, which is now in quarantine. The log is attached, and I also ran Junkware Removal.... do you have any other ideas?? Same problem as here: http://www.trojaner-board.de/163527-...tartseite.html
mbam Attachment 72484
JRT Attachment 72485
Thanks in advance for your help |
10.02.2015, 14:03 | #2 |
/// TB Trainer | Firefox wrong start page homepage-web.com/?s=acer&m=tab
Hello Finon
My name is Timo and I will be helping you with your problem.
Note: I can never guarantee that I will find everything. Reformatting is always the safest route. We all work here as volunteers and mostly only in our free time, so replies may be delayed. If you do not get a reply from me within 48 hours, send me a PM. If you decide on a cleanup, keep working with me until I or someone from the team says that you are clean. Run all tools with administrative rights; Vista, Win7 and Win8 users right-click and choose "Run as administrator".
How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
We have plenty of ideas. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
10.02.2015, 14:29 | #3 |
| Firefox wrong start page homepage-web.com/?s=acer&m=tab
Thanks in advance, Timo....
Here is the data: FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Doreen (administrator) on SCHUMANNPC on 10-02-2015 14:24:16 Running from C:\Users\Doreen\Downloads Loaded Profiles: Doreen (Available profiles: Doreen) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe (G Data Software AG) C:\Program Files 
(x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Magic Control Corp.) 
C:\Program Files (x86)\MCT Corp\MagicLink\Driver\Utility\PreLaunMlx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer) C:\Windows\SysWOW64\OSDSrv\OSDApp.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe (ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\HanseMerkur\ServiceExtensions\jre\bin\javaw.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G 
Data\AVKProxy\GDKBFltSur64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [PreLaunMl] => C:\Program Files (x86)\MCT Corp\MagicLink\Driver\Utility\PreLaunMlx.exe [312088 2013-12-10] (Magic Control Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [OSDAPP] => C:\Windows\SysWOW64\OSDSrv\OSDApp.exe [2054656 2013-05-16] (Acer) HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-11-17] (Acer Incorporated) HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90368 2014-11-20] () HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2004-03-09] (ScanSoft, Inc.) 
HKLM-x32\...\Run: [ISA Service Extensions] => C:\Program Files (x86)\HanseMerkur\ServiceExtensions\start_serviceextensions.bat [79 2013-11-06] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe, HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] ( (Atheros Communications)) HKU\S-1-5-21-1428779625-896211830-3418638806-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-1428779625-896211830-3418638806-1001\...\RunOnce: [Application Restart #1] => C:\Users\Doreen\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-cl (the data entry has 573 more characters). ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1428779625-896211830-3418638806-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start HKU\S-1-5-21-1428779625-896211830-3418638806-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} SearchScopes: HKU\S-1-5-21-1428779625-896211830-3418638806-1001 -> DefaultScope {F286B655-B108-11E4-8265-18CF5E816976} URL = SearchScopes: HKU\S-1-5-21-1428779625-896211830-3418638806-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle 
Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\q7n2ghuq.default FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab FF Homepage: google.de FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-09] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2709760 2014-11-17] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel 
Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation) R2 OSDSrv; C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe [220672 2013-05-08] () [File not signed] S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH) R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH) R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2015-01-12] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-01-12] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2015-01-12] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2015-01-12] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-02-10] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-01-12] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2015-01-12] (G Data Software AG) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) 
R0 mlatvad; C:\Windows\System32\drivers\mlatvad.sys [62232 2014-03-10] (Chun-Chiang Corporation) R3 mlbuspci; C:\Windows\system32\drivers\mlbuspci.sys [34072 2013-12-03] (Magic Control Technology Corporation) R0 mlitdrv; C:\Windows\System32\drivers\mlitdrv.sys [66352 2014-01-09] (Chun-Chiang Corporation) R3 mlitfltr; C:\Windows\system32\drivers\mlitfltr.sys [43768 2013-12-02] (Chun-Chiang Corporation) R3 mlithid; C:\Windows\System32\drivers\mlithid.sys [41720 2013-11-14] (Chun-Chiang Corporation) R3 PQAWRwa; C:\Windows\SysWOW64\OSDSrv\PQAWDrv.sys [10464 2011-09-08] () [File not signed] R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-11-26] (Realtek semiconductor corp) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-10 14:24 - 2015-02-10 14:24 - 00018829 _____ () C:\Users\Doreen\Downloads\FRST.txt 2015-02-10 14:23 - 2015-02-10 14:24 - 00000000 ____D () C:\FRST 2015-02-10 14:15 - 2015-02-10 14:15 - 00050477 _____ () C:\Users\Doreen\Downloads\Defogger.exe 2015-02-10 14:13 - 2015-02-10 14:13 - 02132992 _____ (Farbar) C:\Users\Doreen\Downloads\FRST64.exe 2015-02-10 13:44 - 2015-02-10 13:44 - 00001708 _____ () C:\Users\Doreen\Desktop\JRT.txt 2015-02-10 13:35 - 2015-02-10 13:35 - 00000564 _____ () C:\Users\Doreen\Desktop\mbam2.txt 2015-02-10 13:34 - 2015-02-10 13:34 - 00001334 _____ () C:\Users\Doreen\Desktop\mbam.txt 2015-02-10 12:50 - 2015-02-10 12:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-10 12:50 - 2015-02-10 12:50 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-10 12:50 - 2015-02-10 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-10 12:50 - 2015-02-10 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-10 12:50 - 2015-02-10 12:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-10 12:50 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-10 12:50 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-10 12:50 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-10 12:35 - 2015-02-10 12:35 - 00852594 _____ () C:\Users\Doreen\Downloads\SecurityCheck.exe 2015-02-10 12:34 - 2015-02-10 12:34 - 02347384 _____ (ESET) C:\Users\Doreen\Downloads\esetsmartinstaller_deu.exe 2015-02-10 12:33 - 2015-02-10 12:33 - 01388274 _____ (Thisisu) C:\Users\Doreen\Downloads\JRT.exe 2015-02-10 12:32 - 2015-02-10 12:33 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Doreen\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-10 12:10 
- 2015-02-10 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY 2015-02-04 13:23 - 2015-02-04 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-02-04 13:23 - 2015-02-04 13:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-02-04 13:23 - 2015-02-04 13:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-02-04 13:21 - 2015-02-04 13:22 - 13087456 _____ (Microsoft Corporation) C:\Users\Doreen\Downloads\Silverlight_x64.exe 2015-01-27 13:42 - 2015-01-27 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-21 17:48 - 2015-01-21 17:48 - 00000000 ____D () C:\Users\Doreen\Documents\Benutzerdefinierte Office-Vorlagen 2015-01-21 11:53 - 2015-01-21 11:53 - 00000999 _____ () C:\Users\Public\Desktop\isa makler.lnk 2015-01-21 11:53 - 2015-01-21 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HanseMerkur 2015-01-21 11:45 - 2015-01-21 11:48 - 125716576 _____ (Hanse Merkur ) C:\Users\Doreen\Downloads\isa makler(1).exe 2015-01-20 11:16 - 2015-02-10 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-20 11:16 - 2015-01-20 11:16 - 00000000 ____D () C:\ProgramData\Mozilla 2015-01-19 11:09 - 2015-01-19 11:09 - 00014848 ___SH () C:\Users\Doreen\Desktop\Thumbs.db 2015-01-14 13:43 - 2015-01-14 13:44 - 02222960 _____ () C:\Users\Doreen\Downloads\AXA-BT-Download.exe 2015-01-14 08:58 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 08:58 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 08:58 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-14 08:58 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 08:58 - 2014-12-08 20:42 - 00535640 _____ 
(Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-14 08:58 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-14 08:58 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-14 08:58 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-14 08:58 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-14 08:58 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-14 08:58 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-14 08:58 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-14 08:58 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 08:58 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 08:58 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-14 08:58 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-01-14 08:58 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-14 08:58 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-14 08:58 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-14 08:58 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-14 08:58 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-14 08:58 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-14 08:58 - 2014-10-29 04:12 - 00136296 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-14 08:58 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-14 08:58 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-14 08:58 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-14 08:58 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-14 08:58 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-14 08:58 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 08:58 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-14 08:58 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 12:04 - 2015-01-13 12:04 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11 2015-01-13 12:01 - 2015-01-13 12:01 - 00001700 _____ () C:\Users\Public\Desktop\Helvetia Porta.lnk 2015-01-13 12:01 - 2015-01-13 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helvetia Porta 2015-01-13 12:01 - 2014-08-25 15:47 - 00001268 _____ () C:\~GLH0825.TMP 2015-01-13 11:59 - 2015-01-13 11:59 - 00000377 _____ () C:\Windows\ODBC.INI 2015-01-13 11:59 - 2015-01-13 11:59 - 00000223 _____ () C:\Windows\ODBCINST.INI 2015-01-13 11:59 - 2015-01-13 11:59 - 00000000 ____D () C:\ProgramFiles(x86) 2015-01-13 11:59 - 2015-01-13 11:59 - 00000000 ____D () C:\Program Files (x86)\SQLAnywhere11 2015-01-13 11:57 - 2015-01-13 11:57 - 00000000 ____D () C:\Program Files (x86)\Helvetia 2015-01-12 16:27 - 2015-01-12 16:27 - 00000000 ____D () C:\Users\Doreen\AppData\Local\PDF24 2015-01-12 16:26 - 2015-01-12 16:26 - 00001055 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2015-01-12 16:26 - 2015-01-12 16:26 - 00001035 _____ () 
C:\Users\Public\Desktop\PDF24 Fax.lnk 2015-01-12 16:26 - 2015-01-12 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2015-01-12 16:26 - 2015-01-12 16:26 - 00000000 ____D () C:\Program Files (x86)\PDF24 2015-01-12 16:24 - 2015-01-12 16:24 - 01174352 _____ () C:\Users\Doreen\Downloads\PDF24 Creator - CHIP-Installer.exe 2015-01-12 13:04 - 2015-01-12 13:04 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2015-01-12 13:04 - 2015-01-12 13:04 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2015-01-12 12:37 - 2015-01-12 12:37 - 00000000 ____D () C:\Users\Doreen\AppData\Roaming\G Data 2015-01-12 12:37 - 2015-01-12 12:37 - 00000000 ____D () C:\Users\Doreen\AppData\Local\G DATA 2015-01-12 12:24 - 2015-01-12 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-01-12 12:23 - 2015-01-12 12:23 - 01174352 _____ () C:\Users\Doreen\Downloads\McAfee Consumer Product Removal Tool - CHIP-Installer.exe 2015-01-12 11:57 - 2015-02-10 12:10 - 00001962 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2015-01-12 11:57 - 2015-01-12 12:17 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2015-01-12 11:57 - 2015-01-12 11:57 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2015-01-12 11:57 - 2015-01-12 11:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf 2015-01-12 11:56 - 2015-02-10 12:10 - 00068608 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2015-01-12 11:56 - 2015-01-12 11:56 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2015-01-12 11:56 - 2015-01-12 11:56 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2015-01-12 11:56 - 2015-01-12 11:56 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2015-01-12 11:56 - 2015-01-12 11:56 - 00019238 _____ () 
C:\Windows\DPINST.LOG 2015-01-12 11:56 - 2015-01-12 11:56 - 00000779 _____ () C:\Users\Doreen\AppData\Roaming\gdscan.log 2015-01-12 11:56 - 2015-01-12 11:56 - 00000000 _____ () C:\Users\Doreen\AppData\Roaming\gdfw.log 2015-01-12 11:54 - 2015-01-12 11:54 - 00000000 ____D () C:\Program Files (x86)\G DATA 2015-01-12 11:53 - 2015-01-12 12:06 - 00000000 ____D () C:\ProgramData\G Data 2015-01-12 11:37 - 2015-01-12 11:52 - 392879464 _____ (G Data Software AG) C:\Users\Doreen\Downloads\gdata-internetsecurity-2015(1).exe 2015-01-12 11:33 - 2015-01-12 11:46 - 392879464 _____ (G Data Software AG) C:\Users\Doreen\Downloads\gdata-internetsecurity-2015.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-10 14:11 - 2014-12-11 05:47 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1428779625-896211830-3418638806-1001 2015-02-10 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-10 13:45 - 2014-12-17 08:28 - 00000000 ____D () C:\Users\Doreen\Documents\Outlook-Dateien 2015-02-10 13:40 - 2014-07-22 12:01 - 02003466 _____ () C:\Windows\WindowsUpdate.log 2015-02-10 12:19 - 2014-12-11 05:41 - 00000000 ____D () C:\Users\Doreen\AppData\Local\Pokki 2015-02-10 12:13 - 2014-12-11 05:45 - 00000000 ___DO () C:\Users\Doreen\OneDrive 2015-02-10 12:12 - 2014-03-18 08:42 - 00028166 _____ () C:\Windows\PFRO.log 2015-02-10 12:12 - 2013-08-22 15:46 - 00014192 _____ () C:\Windows\setupact.log 2015-02-10 12:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-10 12:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-09 11:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-06 13:09 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-03 20:31 - 2014-12-12 01:33 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 
20:31 - 2014-12-12 01:33 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 14:30 - 2014-12-11 05:41 - 00000000 ____D () C:\Users\Doreen\AppData\Local\Packages 2015-02-02 14:12 - 2014-12-11 05:41 - 00000000 ____D () C:\Users\Doreen\AppData\Roaming\Adobe 2015-01-30 16:05 - 2014-12-12 01:50 - 00000000 ____D () C:\Users\Doreen\Documents\Versicherungswelt 2015-01-28 13:43 - 2014-12-12 07:10 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-01-21 11:53 - 2014-12-15 15:34 - 00000000 ____D () C:\Program Files (x86)\HanseMerkur 2015-01-21 11:48 - 2014-12-15 15:35 - 00000000 ____D () C:\Users\Doreen\AppData\Roaming\HanseMerkurISAMA 2015-01-15 11:49 - 2014-12-11 08:54 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 11:46 - 2014-12-11 08:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 12:04 - 2014-12-11 05:41 - 00000000 ____D () C:\Users\Doreen\AppData\Local\VirtualStore 2015-01-12 16:02 - 2015-01-09 15:04 - 00000000 ____D () C:\Users\Doreen\AppData\Local\PDFCreator 2015-01-12 12:33 - 2014-03-18 10:01 - 00000000 ____D () C:\Program Files\mcafee 2015-01-12 12:30 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP ==================== Files in the root of some directories ======= 2015-01-12 11:56 - 2015-01-12 11:56 - 0000000 _____ () C:\Users\Doreen\AppData\Roaming\gdfw.log 2015-01-12 11:56 - 2015-01-12 11:56 - 0000779 _____ () C:\Users\Doreen\AppData\Roaming\gdscan.log 2014-07-22 12:30 - 2014-07-22 12:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Doreen\AppData\Local\Temp\oct16A0.tmp.exe C:\Users\Doreen\AppData\Local\Temp\oct1C80.tmp.exe C:\Users\Doreen\AppData\Local\Temp\oct4087.tmp.exe C:\Users\Doreen\AppData\Local\Temp\oct467E.tmp.exe C:\Users\Doreen\AppData\Local\Temp\oct46D1.tmp.exe C:\Users\Doreen\AppData\Local\Temp\oct4F02.tmp.exe C:\Users\Doreen\AppData\Local\Temp\octB6A5.tmp.exe 
C:\Users\Doreen\AppData\Local\Temp\OfficeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 11:55 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015 Ran by Doreen at 2015-02-10 14:24:59 Running from C:\Users\Doreen\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2003 - Acer Incorporated) abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated) abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2011.0 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated) Acer PanelOnOff (HKLM-x32\...\{55F2D48B-6022-4722-9B55-47CC4FA7DBD6}) (Version: 1.0.3.822 - Acer) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.2007 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated) Acer Screen Grasp 
(HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3002 - Acer Incorporated) Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated) Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated) Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated) Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.03.2001.0 - Acer Incorporated) Aspire Link 14.01.0313.4097 (HKLM-x32\...\{68CA549D-CBD7-41B1-BED4-BF26373F67E7}) (Version: 14.01.0313.4097 - Acer Inc.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3716.57 - CyberLink Corp.) 
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc) G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.4 - G DATA Software AG) HanseMerkur ISA Makler (HKLM-x32\...\HanseMerkurISAMA) (Version: 1.24.0 - HanseMerkur Krankenversicherung AG) HanseMerkur ISA Makler (x32 Version: 1.24.0 - HanseMerkur Krankenversicherung AG) Hidden HanseMerkur ISA Service Extensions (HKLM-x32\...\{280E91D7-BBA8-42A2-8F45-00FD89E454B0}_is1) (Version: 2.0.10 - Hanse Merkur) Helvetia Porta (HKLM-x32\...\Helvetia Porta) (Version: - Helvetia Versicherungen Deutschland) Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8102 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.14 - Intel(R) Corporation) Hidden Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft 
SkyDrive (HKU\S-1-5-21-1428779625-896211830-3418638806-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG) NVIDIA Grafiktreiber 332.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.50 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA 
Corporation) NVIDIA Update 11.10.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 11.10.11 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0814 - ScanSoft, Inc.) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH) PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.30169 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.) 
SQLAnywhere11 (HKLM-x32\...\SQLAnywhere11) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1428779625-896211830-3418638806-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1428779625-896211830-3418638806-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Doreen\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1428779625-896211830-3418638806-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Doreen\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1428779625-896211830-3418638806-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Doreen\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1428779625-896211830-3418638806-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Doreen\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 20-01-2015 12:47:23 Windows Update 30-01-2015 13:49:55 Windows Update 04-02-2015 17:40:46 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {21C0AA2B-886B-477E-9802-CB0F717A09BA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] () Task: {26F7303A-9736-4AF7-9D02-4C7DDEC9633B} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-12-30] (Acer Incorporated) Task: {2B9089E9-A6DB-4C9F-8859-10BBD92F77F4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation) Task: {382E0356-ABD3-460B-A41E-0856A2C36385} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {65D3E391-0A29-4021-8964-3722765BCB90} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {6E377E65-97E4-4E42-8EDC-B382B80160AF} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated) Task: {74E33A15-9D9E-4564-888E-E6D6FC383ACA} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated) Task: {75251AA4-F778-40D9-83B5-70E0C610DD00} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.) 
Task: {7B018804-5236-41C1-95D3-8DB85595A04F} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>) Task: {9D1DCDF8-B3D7-47CD-A506-131A09A8F902} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {A04C4809-365E-44AD-8B1C-12F60F739A26} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {AF4B07C8-045C-48ED-A46A-95708983D733} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-01-06] (Acer Incorporated) Task: {B1C710E2-7F84-4CA3-A990-A8B5B7ABF2A2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-01-16] (Acer Incorporated) Task: {C2D8BDAB-7FEA-4F5B-A89A-DD734094A676} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated) Task: {CADB0E31-567C-46FC-BF99-EF7F00A1AD8C} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated) Task: {CF7D5B19-A50F-420E-A4C9-F415ADC30D4F} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated) ==================== Loaded Modules (whitelisted) ============== 2014-07-22 12:34 - 2014-01-24 07:27 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-13 12:18 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-07-22 12:18 - 2013-05-08 08:21 - 00220672 _____ () C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe 2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2013-09-09 12:13 - 2013-09-09 12:13 - 00050904 
_____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll 2013-12-24 01:22 - 2013-12-24 01:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-12-24 01:20 - 2013-12-24 01:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-12-24 01:26 - 2013-12-24 01:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-11-20 13:06 - 2014-11-20 13:06 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe 2014-11-20 13:06 - 2014-11-20 13:06 - 00089856 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe 2014-09-16 10:15 - 2014-09-16 10:15 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2014-09-16 10:16 - 2014-09-16 10:16 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2014-09-16 10:16 - 2014-09-16 10:16 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2014-09-16 10:16 - 2014-09-16 10:16 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2014-12-11 05:45 - 2014-12-11 05:45 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2014-11-17 10:57 - 2014-11-17 10:57 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2014-11-17 10:53 - 2014-11-17 10:53 - 00279296 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2014-11-20 13:06 - 2014-11-20 13:06 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll 2014-07-22 12:28 - 2013-12-09 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2010-12-17 11:56 - 2010-12-17 11:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll 2013-03-07 11:53 - 2013-03-07 11:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery 
Agent\bin\featureController.dll 2010-12-17 11:56 - 2010-12-17 11:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll 2010-12-17 11:56 - 2010-12-17 11:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll 2010-01-12 15:55 - 2010-01-12 15:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll 2010-01-12 15:55 - 2010-01-12 15:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll 2010-12-16 11:16 - 2010-12-16 11:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll 2010-01-17 22:34 - 2010-01-17 22:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll 2013-03-07 11:55 - 2013-03-07 11:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll 2013-03-07 11:58 - 2013-03-07 11:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll 2013-03-07 11:54 - 2013-03-07 11:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll 2015-01-15 11:14 - 2015-01-15 11:14 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-01-15 11:16 - 2015-01-15 11:20 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2015-01-27 13:42 - 2015-01-27 13:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Doreen\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1428779625-896211830-3418638806-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-1428779625-896211830-3418638806-500 - Administrator - Disabled) Doreen (S-1-5-21-1428779625-896211830-3418638806-1001 - Administrator - Enabled) => C:\Users\Doreen Gast (S-1-5-21-1428779625-896211830-3418638806-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1428779625-896211830-3418638806-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/10/2015 02:23:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors: ============= Error: (02/10/2015 02:25:09 PM) (Source: DCOM) (EventID: 10010) (User: SCHUMANNPC) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (02/10/2015 02:24:39 PM) (Source: DCOM) (EventID: 10010) (User: SCHUMANNPC) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (02/10/2015 02:24:09 PM) (Source: DCOM) (EventID: 10010) (User: SCHUMANNPC) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (02/10/2015 02:23:39 PM) (Source: DCOM) (EventID: 10010) (User: SCHUMANNPC) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Microsoft Office Sessions: ========================= Error: (02/10/2015 02:23:19 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Doreen\Downloads\esetsmartinstaller_deu.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4460T CPU @ 1.90GHz Percentage of memory in use: 43% Total physical RAM: 3996.47 MB Available physical RAM: 2263.14 MB Total Pagefile: 5276.47 MB Available Pagefile: 2689.99 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:456.81 GB) (Free:417.68 GB) NTFS Drive d: (DATA) (Fixed) (Total:456.81 GB) (Free:456.66 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 148ECFE6) 
Partition: GPT Partition Type. ==================== End Of Log ============================
10.02.2015, 15:01 | #4 |
/// TB trainer | Firefox wrong start page homepage-web.com/?s=acer&m=tab Please download AdwCleaner to your desktop.
Please download Malwarebytes Anti-Malware
Please download SecurityCheck and:
Run FRST once more.