Pests of all kinds and how to combat them: Windows 8 and Firefox... Individual words double-underlined/ad pop-ups/ad links |
07.04.2015, 14:01 | #1 |
| Hello to the forum.... I have just registered here because I have the problem mentioned above. For a few days now, many words have been double-underlined on my machine, and these turn into ad links. And what is really annoying are the ad pop-ups that open everywhere. Can you help me with this?? Thanks and regards, jorgo |
07.04.2015, 15:00 | #2 |
/// the machine /// TB Trainer | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
08.04.2015, 10:17 | #3 |
| Hello schrauber.....
Thanks for your help. Here are the two logs: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by jorgos (administrator) on JORGO on 07-04-2015 14:21:05 Running from C:\Users\jorgos\Desktop Loaded Profiles: jorgos & UpdatusUser (Available profiles: jorgos & UpdatusUser) Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (Microsoft Corporation) C:\Windows\System32\dasHost.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Simply Super Software) C:\Program Files\Trojan Remover\Rmvtrjan.exe (Simply Super Software) C:\Program Files\Trojan Remover\Rmvtrjan.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [IATSKY] => C:\Program Files\i@Sky WIC\iatsky.exe [335872 2011-07-26] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1797496 2015-03-28] (Simply Super Software) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [EPSON SX218 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoToolbarCustomize] 0 HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\MountPoints2: {f167bd85-c812-11e4-973e-0018f3d9a0c3} - "F:\DTVP_Launcher.exe" BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-2876399589-1292273160-1852779638-1004] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default FF SelectedSearchEngine: webssearches FF Homepage: ebay.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\abs@avira.com [2015-03-31] FF Extension: Mozilla Firefox Hotfixer - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\veggy@veggyAddon.com [2015-04-05] FF Extension: Zoom It - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{bac55ac8-2902-89e3-8c76-04f4c3eb8b76} [2015-04-06] FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28] FF Extension: Adblock Plus - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28] FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. 
KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation) R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation) S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation) S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG) R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation) S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2015-04-06] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation) S3 WN111v2; C:\Windows\system32\DRIVERS\WN111v2v.sys [449536 2008-09-29] (Atheros Communications, Inc.) R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation) R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [57344 2014-04-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-07 14:21 - 2015-04-07 14:21 - 00012806 _____ () C:\Users\jorgos\Desktop\FRST.txt 2015-04-07 14:20 - 2015-04-07 14:21 - 00000000 ____D () C:\FRST 2015-04-07 14:18 - 2015-04-07 14:20 - 01135104 _____ (Farbar) C:\Users\jorgos\Desktop\FRST.exe 2015-04-07 10:34 - 2015-04-07 10:35 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-07 10:34 - 2015-04-07 10:34 - 00000000 ____D () C:\ProgramData\Licenses 2015-04-07 10:33 - 2015-04-07 10:33 - 00001120 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\Documents\Simply Super Software 2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Simply Super Software 2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-04-07 10:32 - 2015-04-07 10:33 - 00000000 ____D () C:\Program Files\Trojan Remover 2015-04-07 10:32 - 2015-04-07 10:32 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-04-07 10:31 - 2015-04-07 10:31 - 01203488 _____ () C:\Users\jorgos\Desktop\Trojan Remover - CHIP-Installer.exe 2015-04-06 19:42 - 2015-04-06 19:42 - 00000000 ____D () C:\Users\jorgos\Documents\ProcAlyzer Dumps 2015-04-06 18:49 - 2013-08-22 08:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150406-184941.backup 2015-04-06 18:30 - 2015-04-06 19:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-04-06 18:30 - 2015-04-06 18:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-04-06 18:30 - 2015-04-06 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-04-06 18:30 - 2015-04-06 18:30 - 00002154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-04-06 18:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2015-04-06 17:49 - 2015-04-06 17:49 - 00000000 ____D () 
C:\Users\jorgos\AppData\Roaming\eCyber 2015-04-06 17:30 - 2015-04-06 17:30 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-04-06 16:00 - 2015-04-06 16:00 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\LavasoftStatistics 2015-04-06 15:32 - 2015-04-06 15:32 - 00000340 _____ () C:\Windows\PFRO.log 2015-04-06 14:23 - 2015-04-07 13:06 - 00351845 _____ () C:\Windows\WindowsUpdate.log 2015-04-06 14:22 - 2015-04-06 18:08 - 00000696 _____ () C:\Windows\setupact.log 2015-04-06 14:22 - 2015-04-06 14:22 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-06 14:16 - 2015-04-06 14:30 - 00000000 ____D () C:\AdwCleaner 2015-04-03 19:47 - 2015-04-03 19:47 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-04-03 19:26 - 2015-04-03 19:32 - 00000000 ____D () C:\Users\jorgos\AppData\Local\Sidebar7 2015-04-03 19:11 - 2015-04-03 19:11 - 00000000 ____D () C:\Windows\system32\log 2015-04-02 20:55 - 2015-04-03 14:55 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-04-01 16:44 - 2015-04-01 16:45 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-01 16:43 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-31 19:15 - 2015-03-31 19:15 - 00000000 ____D () C:\Users\jorgos\Desktop\unibox 2015-03-31 19:12 - 2015-03-31 19:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-19 21:07 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-03-19 21:07 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-19 21:07 - 2015-01-31 01:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-19 21:07 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-19 21:07 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-19 21:06 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2015-03-19 21:06 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-19 21:06 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-19 21:06 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-03-19 21:06 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-19 21:06 - 2015-01-30 04:25 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys 2015-03-19 21:06 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2015-03-19 21:06 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2015-03-19 21:06 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll 2015-03-19 21:06 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-19 21:06 - 2015-01-29 02:56 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-03-19 21:06 - 2015-01-29 02:55 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-03-19 21:06 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-19 21:06 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-03-19 21:06 - 2014-12-11 07:40 - 00041296 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-03-19 21:05 - 2015-02-26 01:27 - 03543552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-19 21:05 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-19 21:05 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-19 21:05 - 2015-02-21 02:27 - 00128000 _____ (Microsoft 
Corporation) C:\Windows\system32\iepeers.dll 2015-03-19 21:05 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-19 21:05 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-19 21:05 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-19 21:05 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-19 21:05 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-19 21:05 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-19 21:05 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-19 21:05 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-19 21:05 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-03-19 21:05 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-19 21:05 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-19 21:05 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-19 21:05 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-19 21:05 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-19 21:05 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-19 21:05 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-19 21:05 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-19 21:05 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) 
C:\Windows\system32\eapphost.dll 2015-03-19 21:05 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-19 21:05 - 2015-01-24 04:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-19 21:05 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe 2015-03-19 21:05 - 2015-01-24 02:48 - 02975744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-19 21:04 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-19 21:04 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-19 21:04 - 2015-02-05 22:17 - 00869696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-03-19 21:04 - 2015-02-04 01:51 - 00227136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-19 21:04 - 2015-02-04 01:51 - 00084800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-03-19 21:04 - 2015-02-04 01:51 - 00038392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-19 21:04 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-03-19 21:04 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-03-19 21:04 - 2015-01-28 17:35 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-19 21:04 - 2015-01-28 17:35 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-03-19 21:04 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll 2015-03-19 21:04 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-18 16:06 - 2015-03-18 16:06 - 00000000 ____D () C:\Program Files\SAMSUNG 2015-03-11 19:36 - 2015-03-11 19:36 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\elsterformular 
2015-03-11 19:35 - 2015-03-11 19:36 - 00000000 ____D () C:\ProgramData\elsterformular 2015-03-11 19:35 - 2015-03-11 19:35 - 00001449 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2015-03-11 19:35 - 2015-03-11 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2015-03-11 19:34 - 2015-03-11 19:34 - 00000000 ____D () C:\Program Files\ElsterFormular ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-07 13:02 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru 2015-04-07 11:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-06 19:05 - 2015-02-03 19:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-06 18:08 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-06 17:29 - 2013-08-22 10:17 - 00000000 ___SD () C:\Program Files\Windows Sidebar 2015-04-06 15:13 - 2014-12-27 19:46 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-06 14:21 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-04-06 14:20 - 2014-12-27 21:29 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-06 14:20 - 2014-12-27 19:42 - 00001173 _____ () C:\Users\jorgos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-06 13:12 - 2015-02-03 19:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-06 12:27 - 2015-01-10 19:39 - 00000600 _____ () C:\Users\jorgos\AppData\Roaming\winscp.rnd 2015-04-05 17:00 - 2014-12-30 18:36 - 00191488 ___SH () C:\Users\jorgos\Desktop\Thumbs.db 2015-04-03 19:48 - 2014-12-28 14:03 - 00000000 ____D () C:\ProgramData\Oracle 2015-04-03 19:48 - 2014-12-28 14:03 - 00000000 ____D () C:\Program Files\Java 2015-04-03 19:47 - 2014-12-28 14:04 - 00096680 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2015-04-03 19:27 - 2015-01-29 20:53 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\dlg 2015-04-03 18:57 - 2014-12-27 21:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-01 16:45 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-01 16:27 - 2014-12-28 20:00 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\AbiSuite 2015-04-01 16:05 - 2014-12-27 19:42 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Adobe 2015-03-20 20:21 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\rescache 2015-03-19 21:37 - 2013-08-22 09:22 - 00335400 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData 2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore 2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-19 21:13 - 2014-12-27 20:34 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-19 21:09 - 2014-12-27 20:34 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-19 21:08 - 2013-08-22 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-11 19:35 - 2014-12-28 16:05 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-10 19:24 - 2014-12-28 16:07 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-10 19:24 - 2014-12-28 16:03 - 00136216 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-10 19:24 - 2014-12-28 16:03 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys ==================== Files in the root of some directories ======= 2015-01-10 19:39 - 2015-04-06 12:27 - 0000600 _____ () C:\Users\jorgos\AppData\Roaming\winscp.rnd Some content of TEMP: ==================== C:\Users\jorgos\AppData\Local\Temp\avgnt.exe C:\Users\jorgos\AppData\Local\Temp\Quarantine.exe C:\Users\jorgos\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-31 17:24 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by jorgos at 2015-04-07 14:21:55 Running from C:\Users\jorgos\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AbiWord 2.9.4 (HKLM\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) AIDA64 Extreme v5.00 (HKLM\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.) Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG) Avira (Version: 1.1.32.25147 - Avira Operations & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) Druckerdeinstallation für EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version: - SEIKO EPSON Corporation) ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) i@Sky WIC (Version: 1.1 - iatsky) Hidden Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) NVIDIA Graphics Driver 307.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.68 - NVIDIA Corporation) NVIDIA Update 1.10.8 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH) Trojan Remover 6.9.2 (HKLM\...\Trojan Remover_is1) (Version: 6.9.2 - Simply Super Software) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) WinSCP 5.5.6 (HKLM\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-03-2015 17:51:07 Scheduled Checkpoint 28-03-2015 16:19:58 Scheduled Checkpoint 01-04-2015 16:43:26 Windows Update 03-04-2015 19:25:37 Installed 8GadgetPack 06-04-2015 15:55:43 AA11 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0CC374A6-AA33-4ABC-9EEB-243B570A1A46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {3A3F4A2F-5E12-4898-9C85-98080177DC70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-19] (Microsoft Corporation) Task: {61D65029-43A4-4525-8311-EFD082831AC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {68376594-DB60-415E-94C9-CAD8C269499A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {70CED5DF-1D85-4F18-9888-3A95F4E59748} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {71850874-7714-41E7-8010-BAD3490B68CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {8CAC15CA-063B-4C47-AD12-4DDC9DF7C545} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {9571C70C-95B4-4C00-9ED2-3C80DA517AB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {9DB4C1B1-286D-44CF-82FE-567D3E1E7B71} - System32\Tasks\{33182CA7-CD66-4C84-902B-1E88725708CB} => pcalua.exe -a "C:\Users\jorgos\Desktop\S4 mini CM\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\jorgos\Desktop\S4 mini CM" Task: {B59853BD-A88D-4BE5-A6B7-DCF87E85FD1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a 
C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION Task: {D323F6E3-EBB6-4F07-9BDA-09C35D772981} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {FE8F91A1-9D52-4D6F-9E69-5FE84401F0DA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============== 2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2015-04-06 18:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-04-06 18:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2015-04-06 18:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-04-06 18:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2015-04-06 18:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll 2015-04-02 20:55 - 2015-04-02 20:55 - 03348592 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2015-04-02 20:55 - 2015-04-02 20:55 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2015-04-02 20:55 - 2015-04-02 20:55 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll 2015-02-06 20:23 - 2015-02-06 20:23 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is 
included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Control Panel\Desktop\\Wallpaper -> F:\E\Jorgo III\Wallpaper\15 (2).jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run: => "Avira Systray" HKLM\...\StartupApproved\Run: => "IATSKY" HKLM\...\StartupApproved\Run: => "SDTray" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\StartupFolder: => "Sidebar29.lnk" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Clock Widget (HTC Home)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Weather Widget (HTC Home)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series (Copy 1)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Accounts: ============================= Administrator (S-1-5-21-2876399589-1292273160-1852779638-500 - Administrator - Disabled) Guest (S-1-5-21-2876399589-1292273160-1852779638-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2876399589-1292273160-1852779638-1003 - Limited - Enabled) 
jorgos (S-1-5-21-2876399589-1292273160-1852779638-1001 - Administrator - Enabled) => C:\Users\jorgos UpdatusUser (S-1-5-21-2876399589-1292273160-1852779638-1004 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/07/2015 10:23:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/07/2015 10:23:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (04/06/2015 06:09:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/06/2015 06:09:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/06/2015 05:50:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: uninstall.exe_YAC Security Protection, Version: 6.0.188.23675, Zeitstempel: 0x550b98cf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846b4 Ausnahmecode: 0xc000009a Fehleroffset: 0x00096c04 ID des fehlerhaften Prozesses: 0x1220 Startzeit der fehlerhaften Anwendung: 0xuninstall.exe_YAC Security Protection0 Pfad der fehlerhaften Anwendung: uninstall.exe_YAC Security Protection1 Pfad des fehlerhaften Moduls: uninstall.exe_YAC Security Protection2 Berichtskennung: uninstall.exe_YAC Security Protection3 Vollständiger Name des fehlerhaften Pakets: uninstall.exe_YAC Security Protection4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: uninstall.exe_YAC Security Protection5 Error: (04/06/2015 05:49:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.1.1.0, Zeitstempel: 0x54124c79 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x6cc Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0 Pfad der fehlerhaften Anwendung: mbamscheduler.exe1 Pfad des fehlerhaften Moduls: mbamscheduler.exe2 Berichtskennung: mbamscheduler.exe3 Vollständiger Name des fehlerhaften Pakets: mbamscheduler.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamscheduler.exe5 Error: (04/06/2015 04:18:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/06/2015 04:18:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Weather.exe, Version: 3.1.68.0, Zeitstempel: 0x54c7c92e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504b59 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00011cda ID des fehlerhaften Prozesses: 0x13d4 Startzeit der fehlerhaften Anwendung: 0xWeather.exe0 Pfad der fehlerhaften Anwendung: Weather.exe1 Pfad des fehlerhaften Moduls: Weather.exe2 Berichtskennung: Weather.exe3 Vollständiger Name des fehlerhaften Pakets: Weather.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Weather.exe5 Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Weather.exe, Version: 3.1.68.0, Zeitstempel: 0x54c7c92e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504b59 Ausnahmecode: 0xe0434352 Fehleroffset: 0x00011cda ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0xWeather.exe0 Pfad der fehlerhaften Anwendung: Weather.exe1 Pfad des fehlerhaften Moduls: Weather.exe2 Berichtskennung: Weather.exe3 Vollständiger Name des fehlerhaften Pakets: Weather.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket 
ist: Weather.exe5 System errors: ============= Error: (04/07/2015 11:46:22 AM) (Source: DCOM) (EventID: 10010) (User: jorgo) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/07/2015 11:45:52 AM) (Source: DCOM) (EventID: 10010) (User: jorgo) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (04/06/2015 08:32:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/06/2015 08:32:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/06/2015 08:32:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (04/06/2015 03:32:58 PM) (Source: DCOM) (EventID: 10016) (User: jorgo) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (04/06/2015 02:31:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Media Player Network Sharing Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (04/06/2015 02:31:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Restart the service) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (04/06/2015 02:30:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player Network Sharing Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service. 
Error: (04/06/2015 02:30:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (04/07/2015 10:23:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/07/2015 10:23:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (04/06/2015 06:09:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/06/2015 06:09:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/06/2015 05:50:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: uninstall.exe_YAC Security Protection6.0.188.23675550b98cfntdll.dll6.3.9600.1766854c846b4c000009a00096c04122001d0708168a9196fC:\Users\jorgos\AppData\Local\Temp\ISAFE_00000000\uninstall.exeC:\Windows\SYSTEM32\ntdll.dllade0d60d-dc74-11e4-974a-0018f3d9a0c3 Error: (04/06/2015 05:49:36 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: mbamscheduler.exe3.1.1.054124c79MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6cc01d0707989ba315fC:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll85fafbea-dc74-11e4-974a-0018f3d9a0c3 Error: (04/06/2015 04:18:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/06/2015 04:18:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Weather.exe3.1.68.054c7c92eKERNELBASE.dll6.3.9600.1741554504b59e043435200011cda13d401d070747a911aa8C:\Program Files\HTC Home 3\Weather.exeC:\Windows\system32\KERNELBASE.dllb960856b-dc67-11e4-974a-0018f3d9a0c3 Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Weather.exe3.1.68.054c7c92eKERNELBASE.dll6.3.9600.1741554504b59e043435200011cda104c01d070746f6b062dC:\Program Files\HTC Home 3\Weather.exeC:\Windows\system32\KERNELBASE.dllb94186ef-dc67-11e4-974a-0018f3d9a0c3 ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ Percentage of memory in use: 66% Total physical RAM: 2046.49 MB Available physical RAM: 677.65 MB Total Pagefile: 2711 MB Available Pagefile: 821.52 MB Total Virtual: 2047.88 MB Available Virtual: 1854.27 MB ==================== Drives 
================================ Drive c: (jorgo I) (Fixed) (Total:117.55 GB) (Free:93.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (jorgo II) (Fixed) (Total:115.33 GB) (Free:84.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0E4D0F4C) Partition 1: (Active) - (Size=117.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=115.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================

jorgo

Morning, I'll just briefly reply to myself... or rather, an update: Since I also have IE11 installed as a browser alongside Firefox, and noticed that with IE11 I have no problems at all regarding pop-ups/underlined words/ad links, I simply uninstalled Firefox, ran Malwarebytes Anti-Malware, CCleaner (with registry check) and AdwCleaner, then reinstalled Firefox, and lo and behold, the problem has apparently vanished into thin air. Everything runs the way it did before. Nothing more to be seen of my problems... Hopefully it stays that way. Regards, jorgo

EDIT: Good morning, could it be that reinstalling Firefox has taken care of my problem? It would be nice if one of the experts could comment on this, so that I can be reassured and feel safe... THANKS and regards, jorgo |
08.04.2015, 17:44 | #4 |
/// the machine /// TB-Ausbilder | Yep, but please post fresh FRST logs as a check.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.04.2015, 17:55 | #5 |
| Evening, schrauber.... Here they are: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by jorgos at 2015-04-08 18:51:51 Running from C:\Users\jorgos\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AbiWord 2.9.4 (HKLM\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) AIDA64 Extreme v5.00 (HKLM\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.) Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG) Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. 
KG) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) Druckerdeinstallation für EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version: - SEIKO EPSON Corporation) ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) i@Sky WIC (Version: 1.1 - iatsky) Hidden Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) NVIDIA Graphics Driver 307.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.68 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA 
Corporation) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH) Trojan Remover 6.9.2 (HKLM\...\Trojan Remover_is1) (Version: 6.9.2 - Simply Super Software) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) WinSCP 5.5.6 (HKLM\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-03-2015 17:51:07 Scheduled Checkpoint 28-03-2015 16:19:58 Scheduled Checkpoint 01-04-2015 16:43:26 Windows Update 03-04-2015 19:25:37 Installed 8GadgetPack 06-04-2015 15:55:43 AA11 07-04-2015 15:53:33 Wiederherstellungsvorgang ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0CC374A6-AA33-4ABC-9EEB-243B570A1A46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {61D65029-43A4-4525-8311-EFD082831AC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {68376594-DB60-415E-94C9-CAD8C269499A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {70CED5DF-1D85-4F18-9888-3A95F4E59748} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {71850874-7714-41E7-8010-BAD3490B68CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {7982B88F-93F0-451C-91A5-A4D6802F077A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-19] (Microsoft Corporation) Task: {8CAC15CA-063B-4C47-AD12-4DDC9DF7C545} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {9571C70C-95B4-4C00-9ED2-3C80DA517AB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {9DB4C1B1-286D-44CF-82FE-567D3E1E7B71} - System32\Tasks\{33182CA7-CD66-4C84-902B-1E88725708CB} => pcalua.exe -a "C:\Users\jorgos\Desktop\S4 mini CM\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\jorgos\Desktop\S4 mini CM" Task: {B59853BD-A88D-4BE5-A6B7-DCF87E85FD1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a 
C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION Task: {D323F6E3-EBB6-4F07-9BDA-09C35D772981} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {FE8F91A1-9D52-4D6F-9E69-5FE84401F0DA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============== 2015-04-06 18:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-04-06 18:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-04-06 18:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2015-04-06 18:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2015-04-06 18:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2015-04-02 20:55 - 2015-04-02 20:55 - 03348592 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll 2015-04-02 20:55 - 2015-04-02 20:55 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll 2015-04-02 20:55 - 2015-04-02 20:55 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Control Panel\Desktop\\Wallpaper -> F:\E\Jorgo III\Wallpaper\15 (2).jpg HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> F:\E\Jorgo III\Wallpaper\15 (2).jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run: => "Avira Systray" HKLM\...\StartupApproved\Run: => "IATSKY" HKLM\...\StartupApproved\Run: => "SDTray" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\StartupFolder: => "Sidebar29.lnk" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Clock Widget (HTC Home)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Weather Widget (HTC Home)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series (Copy 1)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Sidebar29.lnk" 
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Clock Widget (HTC Home)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Weather Widget (HTC Home)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EPSON SX218 Series" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EPSON SX218 Series (Copy 1)" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Accounts: ============================= Administrator (S-1-5-21-2876399589-1292273160-1852779638-500 - Administrator - Disabled) Guest (S-1-5-21-2876399589-1292273160-1852779638-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2876399589-1292273160-1852779638-1003 - Limited - Enabled) jorgos (S-1-5-21-2876399589-1292273160-1852779638-1001 - Administrator - Enabled) => C:\Users\jorgos UpdatusUser (S-1-5-21-2876399589-1292273160-1852779638-1004 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/08/2015 05:09:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/08/2015 05:09:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=4 Error: (04/08/2015 10:52:12 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/08/2015 10:17:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/08/2015 10:17:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (04/08/2015 10:15:24 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt. 
Error: (04/07/2015 06:22:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/07/2015 06:21:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/07/2015 04:51:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01a07088 ID des fehlerhaften Prozesses: 0x117c Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1 Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2 Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3 Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5 Error: (04/07/2015 03:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). 
Fehlercode: hr=0xC004F074 Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (04/08/2015 10:27:06 AM) (Source: DCOM) (EventID: 10010) (User: jorgo) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (04/08/2015 10:26:36 AM) (Source: DCOM) (EventID: 10010) (User: jorgo) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/07/2015 07:06:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (04/07/2015 07:06:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (04/07/2015 03:56:39 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY) Description: In der Dateisystemstruktur auf Volume "jorgo I" wurde eine Beschädigung erkannt. A corruption was found in a file system index structure. The file reference number is 0x1000000000d8f. The name of the file is "\Windows\System32". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION". 
Error: (04/07/2015 03:41:04 PM) (Source: DCOM) (EventID: 10016) (User: jorgo) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (04/07/2015 03:41:02 PM) (Source: DCOM) (EventID: 10016) (User: jorgo) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (04/07/2015 03:41:02 PM) (Source: DCOM) (EventID: 10016) (User: jorgo) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (04/07/2015 03:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Security Center" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (04/07/2015 03:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Security Center" ist vom Dienst "Windows Management Instrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1115 Microsoft Office Sessions: ========================= Error: (04/08/2015 05:09:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/08/2015 05:09:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: 
hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=4 Error: (04/08/2015 10:52:12 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\totalcmd\TCUNIN64.EXE Error: (04/08/2015 10:17:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/08/2015 10:17:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (04/08/2015 10:15:24 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: 0x8898008d Error: (04/07/2015 06:22:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (04/07/2015 06:21:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (04/07/2015 04:51:20 PM) (Source: 
Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379unknown0.0.0.000000000c000000501a07088117c01d0713b506e468bC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeunknown8cf55750-dd35-11e4-974d-0018f3d9a0c3

Error: (04/07/2015 03:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 56%
Total physical RAM: 2046.49 MB
Available physical RAM: 897.79 MB
Total Pagefile: 2686.49 MB
Available Pagefile: 810.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.74 MB

==================== Drives ================================

Drive c: (jorgo I) (Fixed) (Total:117.55 GB) (Free:93.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (jorgo II) (Fixed) (Total:115.33 GB) (Free:84.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0E4D0F4C)
Partition 1: (Active) - (Size=117.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=115.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by jorgos (administrator) on JORGO on 08-04-2015 18:51:18
Running from C:\Users\jorgos\Desktop
Loaded Profiles: jorgos & UpdatusUser (Available profiles: jorgos & UpdatusUser)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IATSKY] => C:\Program Files\i@Sky WIC\iatsky.exe [335872 2011-07-26] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1797496 2015-03-28] (Simply Super Software) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [EPSON SX218 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoToolbarCustomize] 0 HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\MountPoints2: {f167bd85-c812-11e4-973e-0018f3d9a0c3} - "F:\DTVP_Launcher.exe" HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSON SX218 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoToolbarCustomize] 0 HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f167bd85-c812-11e4-973e-0018f3d9a0c3} - "F:\DTVP_Launcher.exe" BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: [S-1-5-21-2876399589-1292273160-1852779638-1004] ATTENTION ==> Default URLSearchHook is missing. 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default FF SelectedSearchEngine: webssearches FF Homepage: ebay.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.) 
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\abs@avira.com [2015-03-31] FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28] FF Extension: Adblock Plus - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28] FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation) R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation) S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation) S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [37384 2015-03-10] (Avira Operations GmbH & Co. 
KG) R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation) S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2015-04-06] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-08] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation) S3 WN111v2; C:\Windows\system32\DRIVERS\WN111v2v.sys [449536 2008-09-29] (Atheros Communications, Inc.) R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation) R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [57344 2014-04-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-08 18:51 - 2015-04-08 18:51 - 00014879 _____ () C:\Users\jorgos\Desktop\FRST.txt 2015-04-08 13:37 - 2015-04-08 13:38 - 60418963 _____ () C:\Users\jorgos\Desktop\openatv-5.0-xp1000mk-20150407_usb.zip 2015-04-07 19:17 - 2015-04-07 19:17 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-07 19:16 - 2015-04-07 19:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-07 19:16 - 2015-04-07 19:16 - 00243656 _____ () C:\Users\jorgos\Downloads\Firefox Setup Stub 37.0.1.exe 2015-04-07 18:21 - 2015-04-08 17:29 - 00074965 _____ () C:\Windows\WindowsUpdate.log 2015-04-07 18:20 - 2015-04-07 18:20 - 00000116 _____ () C:\Windows\setupact.log 2015-04-07 18:20 - 2015-04-07 18:20 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-07 15:22 - 2015-04-07 15:22 - 02208768 _____ () C:\Users\jorgos\Desktop\adwcleaner_4.200.exe 2015-04-07 14:20 - 2015-04-08 18:51 - 00000000 ____D () C:\FRST 2015-04-07 14:18 - 2015-04-07 14:20 - 01135104 _____ (Farbar) C:\Users\jorgos\Desktop\FRST.exe 2015-04-07 10:34 - 2015-04-08 18:19 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-07 10:34 - 2015-04-07 10:34 - 00000000 ____D () C:\ProgramData\Licenses 2015-04-07 10:33 - 2015-04-07 10:33 - 00001120 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\Documents\Simply Super Software 2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Simply Super Software 2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-04-07 10:32 - 2015-04-07 10:33 - 00000000 ____D () C:\Program Files\Trojan Remover 2015-04-07 10:32 - 2015-04-07 10:32 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-04-06 19:42 - 2015-04-06 19:42 - 00000000 ____D () C:\Users\jorgos\Documents\ProcAlyzer Dumps 2015-04-06 18:49 - 2013-08-22 08:13 - 00000824 _____ () 
C:\Windows\system32\Drivers\etc\hosts.20150406-184941.backup 2015-04-06 18:30 - 2015-04-06 19:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-04-06 18:30 - 2015-04-06 18:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-04-06 18:30 - 2015-04-06 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-04-06 18:30 - 2015-04-06 18:30 - 00002154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-04-06 18:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2015-04-06 17:30 - 2015-04-06 17:30 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-04-06 16:00 - 2015-04-06 16:00 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\LavasoftStatistics 2015-04-06 14:16 - 2015-04-08 12:34 - 00000000 ____D () C:\AdwCleaner 2015-04-03 19:47 - 2015-04-03 19:47 - 00000000 ____D () C:\Program Files\Common Files\Java 2015-04-03 19:26 - 2015-04-03 19:32 - 00000000 ____D () C:\Users\jorgos\AppData\Local\Sidebar7 2015-04-03 19:11 - 2015-04-03 19:11 - 00000000 ____D () C:\Windows\system32\log 2015-04-02 20:55 - 2015-04-03 14:55 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-04-01 16:44 - 2015-04-01 16:45 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-01 16:43 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-31 19:15 - 2015-03-31 19:15 - 00000000 ____D () C:\Users\jorgos\Desktop\unibox 2015-03-19 21:07 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-03-19 21:07 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-19 21:07 - 2015-01-31 01:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-19 21:07 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-19 21:07 - 
2014-12-28 16:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-10 19:24 - 2014-12-28 16:03 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 19:24 - 2014-12-28 16:03 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 19:24 - 2014-12-28 16:03 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======
2015-01-10 19:39 - 2015-04-06 12:27 - 0000600 _____ () C:\Users\jorgos\AppData\Roaming\winscp.rnd

Some content of TEMP:
====================
C:\Users\jorgos\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-31 17:24

==================== End Of Log ============================

Regards, jorgo |
09.04.2015, 08:19 | #6 |
/// the machine /// TB Trainer | Windows 8 and Firefox...Individual words double underlined/ad popups/ad links
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION
C:\Users\jorgos\AppData\Roaming\webssearches
FF SelectedSearchEngine: webssearches
FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28]
FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04]
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Any problems left?
__________________ |
09.04.2015, 08:49 | #7 |
| Windows 8 and Firefox...Individual words double underlined/ad popups/ad links
Morning, schrauber.... At the moment everything is running suuuuuper. No sooner said than done:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by jorgos at 2015-04-09 09:40:57 Run:1
Running from C:\Users\jorgos\Desktop
Loaded Profiles: jorgos & UpdatusUser & (Available profiles: jorgos & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs2 <==== ATTENTION
C:\Users\jorgos\AppData\Roaming\webssearches
FF SelectedSearchEngine: webssearches
FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28]
FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04]
Emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C41AB13A-012A-48F0-8579-83A440C68E76}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C41AB13A-012A-48F0-8579-83A440C68E76}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8}" => Key deleted successfully.
"C:\Users\jorgos\AppData\Roaming\webssearches" => File/Directory not found.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi => Moved successfully.
C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi => Moved successfully.
EmptyTemp: => Removed 243.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 09:42:25 ====

jorgo
Edited by jorgo04 (09.04.2015 at 08:50). Reason: edit |
09.04.2015, 17:42 | #8 |
/// the machine /// TB Trainer | Windows 8 and Firefox...Individual words double underlined/ad popups/ad links
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left over, you can delete them without concern.
If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.

Securing your system:
Enable automatic updates in the Windows operating system.
Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash,...) for all websites. However, you can define, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner .

Finally, a few general remarks: Change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations, guides and help, Trojaner-Board Facebook page
No help via PM! |
10.04.2015, 18:27 | #9 |
| Windows 8 and Firefox...Individual words double underlined/ad popups/ad links
Hi schrauber, everything is fine. I ran DelFix through again as instructed, and everything is back the way it should be. A donation is on its way. Regards, jorgo |
11.04.2015, 07:30 | #10 |
/// the machine /// TB Trainer | Windows 8 and Firefox...Individual words double underlined/ad popups/ad links
You're welcome
__________________ regards, schrauber |