Log Analysis and Evaluation: Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and others

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: first steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.07.2015, 12:48 #1
Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and others

I have the problem that for some time now, on my main computer as well as on my laptop, Google Chrome keeps opening windows with various advertising sites on its own. I use the laptop very rarely. I have set Google Chrome so that they are synchronised.

Main computer without log files: configuration with Windows 7 64 bit
Laptop with log files: Windows 8.1 with Bing

Here are the log files as per the list.

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:48 on 12/07/2015 (mar-sch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by mar-sch (administrator) on MARSCH on 12-07-2015 22:51:19
Running from C:\Users\mar-sch\Desktop
Loaded Profiles: mar-sch (Available Profiles: mar-sch)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> DefaultScope {3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> {3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55

FireFox:
========
FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome:
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Facebook Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09]
CHR Extension: (YouTube) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Google Search) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-03-09]
CHR Extension: (Google Sheets) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-09]
CHR Extension: (Download Helper) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjlohfdjcjhmfcabomglnciodlnplhk [2015-06-23]
CHR Extension: (Avira Browser Safety) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2015-03-09]
CHR Extension: (Session Manager) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2015-03-09]
CHR Extension: (Instagram Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccijgeciailcjildclhbjgakoemgjjg [2015-06-23]
CHR Extension: (Gmail) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 22:51 - 2015-07-12 22:52 - 00018613 _____ C:\Users\mar-sch\Desktop\FRST.txt
2015-07-12 22:50 - 2015-07-12 22:51 - 00000000 ____D C:\FRST
2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe
2015-07-12 22:48 - 2015-07-12 22:48 - 00000476 _____ C:\Users\mar-sch\Desktop\defogger_disable.log
2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable
2015-07-12 22:47 - 2015-07-12 22:47 - 00009573 _____ C:\Users\mar-sch\Desktop\Unbenannt 1.odt
2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db
2015-07-12 22:45 - 2015-07-12 22:45 - 00050477 _____ C:\Users\mar-sch\Desktop\Defogger.exe
2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache
2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek
2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre
2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2
2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi
2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-27 12:59 - 2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe
2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar
2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 00002283 _____ C:\Users\mar-sch\Desktop\Chrome App Launcher.lnk
2015-06-23 19:04 - 2015-06-23 19:04 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 22:48 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch
2015-07-12 22:42 - 2015-03-09 18:31 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 19:58 - 2014-10-27 16:51 - 01920172 _____ C:\Windows\WindowsUpdate.log
2015-07-10 17:56 - 2015-03-09 18:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001
2015-07-10 17:52 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-08 18:18 - 2015-03-09 18:32 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat
2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat
2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-28 21:44 - 2015-03-15 10:34 - 00005946 _____ C:\Windows\setupact.log
2015-06-27 13:25 - 2015-03-15 10:33 - 00240532 _____ C:\Windows\PFRO.log
2015-06-27 13:25 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 13:25 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-23 19:42 - 2015-03-09 18:23 - 00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps
2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\mar-sch\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe
C:\Users\mar-sch\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\mar-sch\AppData\Local\Temp\mccspuninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-08 17:56

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by mar-sch at 2015-07-12 22:53:47
Running from C:\Users\mar-sch\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3876264268-1847270997-196456751-500 - Administrator - Disabled)
Gast (S-1-5-21-3876264268-1847270997-196456751-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3876264268-1847270997-196456751-1003 - Limited - Enabled)
mar-sch (S-1-5-21-3876264268-1847270997-196456751-1001 - Administrator - Enabled) => C:\Users\mar-sch

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
calibre 64bit (HKLM\...\{B74D8371-98D2-42AD-9D94-3531FF4EA328}) (Version: 2.31.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
Druckerdeinstallation für EPSON StandardBusinessPrinters (HKLM\...\EPSON StandardBusinessPrinters) (Version:  - SEIKO EPSON Corporation)
Druckerdeinstallation für EPSON Universal Print Driver (HKLM\...\EPSON Universal Print Driver) (Version:  - SEIKO EPSON Corporation)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet SetupManager V2 (HKLM-x32\...\InstallShield_{485863E4-C20E-4629-A3B1-B4C8E706A7CB}) (Version: 2.2.3 - SEIKO EPSON CORPORATION)
EpsonNet SetupManager V2 (x32 Version: 2.2.3 - SEIKO EPSON CORPORATION) Hidden
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.3 - Warner Bros. Entertainment, Inc.)
Flixster (x32 Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.3.549 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MyDriveConnect 4.0.3.2180 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (German) (HKLM-x32\...\{68AF7AB8-E018-40D9-B703-0129274FDBAE}) (Version: 4.11.9775 - Apache Software Foundation)
Pokki Start Menu (HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Pokki_Start_Menu) (Version: 0.269.7.564 - Pokki)
Polar FlowSync Version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-06-2015 17:12:41 Installed calibre 64bit
05-07-2015 20:02:05 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {17B7FF95-CD7E-4B3F-BFE9-D7216513D9ED} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: {5C2F51FD-13BD-4243-931E-631FC28A1175} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated) Task: {953CCD85-63D9-478E-B998-989D91CB9934} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-09] (Google Inc.) Task: {98BCE9F8-C65A-44FE-8572-08A68098ACF7} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated) Task: {C85F90D7-2011-4C5D-8E5A-A48E9AF5E7DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-09] (Google Inc.) Task: {D090A04F-FA4C-4D2C-B514-D27CDC855600} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated) Task: {E8C65C83-0508-4F65-83EC-B89AC0B7B462} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: {FAF4A2E2-B621-4867-A186-947C9F0F4580} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-17 13:43 - 2015-03-17 13:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll 2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll 2015-03-17 14:15 - 2015-03-17 14:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll 2014-08-11 19:26 - 2012-04-24 12:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-02-25 23:14 - 2014-02-25 23:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-02-25 23:11 - 2014-02-25 23:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2014-02-25 23:17 - 2014-02-25 23:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-06-23 19:33 - 2014-11-11 10:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll 2015-06-23 19:34 - 2013-08-25 20:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll 2015-06-23 19:34 - 2013-08-25 20:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll 2015-06-23 19:34 - 2013-08-25 20:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll 2015-04-19 13:30 - 2014-11-04 11:38 - 00867080 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\common\UNO\UNO.dll 2015-04-19 13:30 - 2013-12-10 09:39 - 00074240 _____ () C:\Program Files 
(x86)\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd 2015-04-19 13:30 - 2013-12-10 09:39 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd 2015-04-19 13:30 - 2013-12-10 09:39 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_socket.pyd 2015-04-19 13:30 - 2013-12-10 09:39 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd 2015-07-08 18:17 - 2015-07-07 05:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll 2015-07-08 18:17 - 2015-07-07 05:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "mcpltui_exe" HKLM\...\StartupApproved\Run32: => "abDocsDllLoader" HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\StartupApproved\Run: => "Pokki" HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\StartupApproved\Run: => "AcerPortal" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{99B54509-6962-4228-B43C-7DD088DC2125}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{E6097785-ADFB-4C43-B6A1-20CF8230A686}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{2CCAFA1A-91AC-40BC-B8BC-0698E24D8AE4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{16BB9AC3-5CFD-413F-8A2E-08E4F803E6A3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{91611679-48DF-48A0-8DA7-E7B3E16AAD70}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{8AB4144B-0282-47EE-8CC3-C1DC642B5980}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{48005A54-DDAF-46DF-BF84-738A7AB5F091}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{5D3C1AAA-565C-44F2-9D80-04EED00FEBF7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{43EF214D-EE1E-44D8-8D9D-758502406221}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{2BC19579-2B53-4418-9EB1-11064772AFCD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{A8E997EE-9B61-45BF-AD96-60135D97D268}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{5C1B04B2-B89B-4B8B-9D66-0D6CB4C21E62}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: 
[{2DFAB9D0-642D-46B9-8185-402D0382C068}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{A0E8D7AA-54B1-4F0D-9101-317B816C7D77}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{9EEE4649-6ADC-4895-9E34-A17883D51FBF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{BB4F25B6-C405-4A75-A09A-19D32A2E142E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{134310F3-A796-4430-B6A3-F87F214E7755}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{52655705-4C47-4550-894B-F0C269931E47}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{5BB5CF2B-BCE4-4655-9518-691E98AF2D3F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{B326D866-A28C-4568-B298-EE1971211A68}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{586BE06A-86AD-443B-A140-597E22F407AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{1EDAE6E7-3F0B-458C-86F1-6D96934D7B8D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{EA6FEFE4-DBEE-409B-BB5E-71C64DBB7D29}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{3ADBD34B-0E5F-4ED1-9B03-69F9DBF08F17}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{4C2712BF-AA04-4F04-B22E-9123ED94CACB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{D9646284-1607-4C7C-9E63-92DB7ACC334A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{3D3650B6-7AAB-4C35-AD0A-007AA9CD9C04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{9E0D5BC8-82CE-4652-86D6-B1BA577F1E59}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{70C742CF-019B-47C2-BC95-684E732D277C}] => (Allow) C:\Program Files 
(x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{15B325FE-3385-4FCC-B04E-E3750921D702}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe FirewallRules: [{68F77E49-A0AC-4B57-98F9-C72194DD36FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{C96243B1-A03C-49E6-924C-4D4E30EF47A5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe FirewallRules: [{41574405-39C7-413C-B130-572073C7885F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet SetupManager V2\SManager.exe FirewallRules: [{F5B764E4-F5D2-4F89-9798-9CFF7354B6B6}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet SetupManager V2\SManager.exe FirewallRules: [{BBBB2DAB-7952-4204-9D6F-98116F019DE7}] => (Allow) C:\Users\mar-sch\AppData\Local\Temp\EPSON WF-2540 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe FirewallRules: [{632FB73B-7A45-4211-8A83-9213A9EFD941}] => (Allow) C:\Users\mar-sch\AppData\Local\Temp\EPSON WF-2540 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe FirewallRules: [{2327795F-05AB-4E03-A2AF-41CDF7D491FB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{DC4632E6-827F-44B0-A462-C235DF0B0F4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{2976B3FA-8D91-45E5-95A7-F8DF556F5CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{BA4E9717-E8F2-4208-8780-309E05EA1F0B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{5DCAE036-7B12-4F1D-9974-99F5DE7B9EA8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{CDF35570-F259-480C-AE5A-272C67246CC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A62F88A1-44E6-426E-8B51-FAB0C769EAF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query 
User{17EAC695-8DE9-42DD-8F7D-6295EA0F142C}C:\program files (x86)\flixster\flixster.exe] => (Allow) C:\program files (x86)\flixster\flixster.exe FirewallRules: [UDP Query User{7D5784D2-849E-4F17-83F2-63A4A9E97EBC}C:\program files (x86)\flixster\flixster.exe] => (Allow) C:\program files (x86)\flixster\flixster.exe FirewallRules: [{81F6ED65-E888-44B1-A2DA-C8A6E65F84B5}] => (Allow) LPort=5354 FirewallRules: [{AD97FF94-576B-4BC4-81EF-CD520B5301E6}] => (Allow) LPort=5354 FirewallRules: [{2A222C14-6BC0-4C7F-BC10-FC8EA096088B}] => (Allow) LPort=5354 FirewallRules: [{8B19F7B4-E216-4621-A2E6-64B40B7EB9B7}] => (Allow) LPort=5354 FirewallRules: [{4A4A4A22-BF03-4117-9539-7A23075DE989}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BB4BD64A-5527-4961-87DE-7ACAE78B9D62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4916B720-F06B-4AF8-AC76-0564DBDC66D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. 
Session ID = 15 Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 15 Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14656 Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 14656 Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13469 Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13469 Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12453 Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12453 System errors: ============= Error: (07/12/2015 07:52:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{3528b236-19ef-410a-b088-32e1a6dc3561}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4FAAC814-47EE-42B6-8017-8E2332B4B1DB} Error: (07/12/2015 07:49:44 PM) (Source: DCOM) (EventID: 10010) (User: marsch) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (07/12/2015 07:49:14 PM) (Source: DCOM) (EventID: 10010) (User: marsch) 
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (07/10/2015 09:29:02 PM) (Source: DCOM) (EventID: 10010) (User: marsch) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (07/10/2015 09:29:02 PM) (Source: DCOM) (EventID: 10010) (User: marsch) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (07/10/2015 09:28:57 PM) (Source: DCOM) (EventID: 10010) (User: marsch) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (07/10/2015 09:28:57 PM) (Source: DCOM) (EventID: 10010) (User: marsch) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (07/10/2015 07:45:09 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{3528b236-19ef-410a-b088-32e1a6dc3561}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{20481947-3870-4A94-8CE9-6219770C85E7} Error: (07/10/2015 06:04:17 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT) Description: 0x8000002a171\??\Volume{3528b236-19ef-410a-b088-32e1a6dc3561}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5D2EB946-7697-4755-9286-715931D20DB1} Error: (07/10/2015 05:57:34 PM) (Source: DCOM) (EventID: 10010) (User: marsch) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office: ========================= Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.Session ID = 15 Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failedLast error = [0x00000102]Session ID = 15 Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 14656 Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) 
Description: Task Scheduling Error: m->NextScheduledEvent 14656 Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13469 Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13469 Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12453 Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12453 ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz Percentage of memory in use: 61% Total physical RAM: 1929.7 MB Available physical RAM: 734.73 MB Total Virtual: 4250.96 MB Available Virtual: 2082.19 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:450.73 GB) (Free:397.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 78C81F09) Partition: GPT Partition Type. ==================== End of log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-13 22:11:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 TOSHIBA_MQ01ABF050 rev.AM001J 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\mar-sch\AppData\Local\Temp\pfldypoc.sys

---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable  fffff960001bca00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 17  fffff960001bca11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [728:832]  00007ffe1c9e1e00
Thread  C:\Windows\System32\svchost.exe [940:4268]  00007ffe05786370
Thread  C:\Windows\System32\svchost.exe [940:4272]  00007ffe057898f0
Thread  C:\Windows\system32\svchost.exe [968:2052]  00007ffe15664ee0
Thread  C:\Windows\system32\svchost.exe [968:3284]  00007ffe128d7240
Thread  C:\Windows\system32\svchost.exe [968:3292]  00007ffe13501ed0
Thread  C:\Windows\system32\svchost.exe [968:3296]  00007ffe13501ed0
Thread  C:\Windows\system32\svchost.exe [968:3500]  00007ffe19fd39b0
Thread  C:\Windows\system32\svchost.exe [968:23768]  00007ffe0bda1050
Thread  C:\Windows\system32\svchost.exe [312:2628]  00007ffe149f2a50
Thread  C:\Windows\system32\svchost.exe [312:2656]  00007ffe149edb60
Thread  C:\Windows\system32\svchost.exe [312:2664]  00007ffe149f0d70
Thread  C:\Windows\system32\svchost.exe [312:2668]  00007ffe149f2db0
Thread  C:\Windows\system32\svchost.exe [312:2672]  00007ffe149e5fe0
Thread  C:\Windows\system32\svchost.exe [312:2740]  00007ffe149eee40
Thread  C:\Windows\System32\svchost.exe [648:1088]  00007ffe17f171b0
Thread  C:\Windows\System32\svchost.exe [648:1152]  00007ffe1cff3ad0
Thread  C:\Windows\System32\svchost.exe [648:1788]  00007ffe15603190
Thread  C:\Windows\System32\svchost.exe [648:2960]  00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2964]  00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2968]  00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2972]  00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2980]  00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2992]  00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:3000]  00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:3084]  00007ffe130e36f0
Thread  C:\Windows\System32\svchost.exe [648:4192]  00007ffe155e3720
Thread  C:\Windows\System32\svchost.exe [648:3176]  00007ffe190c37a0
Thread  C:\Windows\System32\svchost.exe [648:232]  00007ffe156018f0
Thread  C:\Windows\System32\svchost.exe [648:4344]  00007ffe1e13ad30
Thread  C:\Windows\system32\svchost.exe [1036:19524]  00007ffe14127470
Thread  C:\Windows\System32\spoolsv.exe [1200:3200]  00007ffe15191120
Thread  C:\Windows\System32\spoolsv.exe [1200:1212]  00007ffe15173460
Thread  C:\Windows\System32\spoolsv.exe [1200:952]  00007ffe19535e40
Thread  C:\Windows\System32\spoolsv.exe [1200:1156]  00007ffe1960cd30
Thread  C:\Windows\system32\svchost.exe [1828:3512]  00007ffe15191120
Thread  C:\Windows\system32\svchost.exe [1828:25364]  00007ffe15173460
Thread  C:\Windows\system32\DllHost.exe [2896:3088]  00007ffe12929b10
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3504:3528]  00007ffe11f381f4
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3504:3532]  00007ffe11dfbdf4
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3504:2912]  00007ffe11dfbdf4
Thread  C:\Windows\system32\csrss.exe [5532:2464]  fffff960008392d0
Thread  C:\Windows\system32\taskhost.exe [23732:25196]  00007ffe14a82660

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 13.07.2015
Suchlaufzeit: 19:56
Protokolldatei: malwarebytes.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.13.03
Rootkit-Datenbank: v2015.07.10.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: mar-sch

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 355774
Abgelaufene Zeit: 34 Min., 31 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}, , [af98548dc4c6f145939f41c3ee156e92],

Registrierungswerte: 4
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|FaviconURL, hxxp://homepage-web.com/favicon.ico, , [af98548dc4c6f145939f41c3ee156e92]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|FaviconURLFallback, hxxp://homepage-web.com/favicon.ico, , [dc6b2db4addd68ced35f20e4c24121df]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|TopResultURL, hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, , [0245c91886045cdaba78f60e60a3e020]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|URL, hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, , [9aad1bc64c3ebb7b959d7a8a28dbc53b]

Registrierungsdaten: 1
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://homepage-web.com/?s=acer&m=start, Gut: (www.google.com), Schlecht: (hxxp://homepage-web.com/?s=acer&m=start),,[1b2c09d8c6c448ee408e23feb451718f]

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Code:
Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 13. Juli 2015 09:07

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 8.1 Connected
Windowsversion : (plain) [6.3.9600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MARSCH

Versionsinformationen:
BUILD.DAT      : 15.0.11.579   109728 Bytes  16.06.2015 09:37:00
AVSCAN.EXE     : 15.0.11.576  1041656 Bytes  07.07.2015 19:01:33
AVSCANRC.DLL   : 15.0.11.478    63792 Bytes  22.06.2015 18:31:59
LUKE.DLL       : 15.0.11.550    59696 Bytes  22.06.2015 18:32:16
AVSCPLR.DLL    : 15.0.11.550    95024 Bytes  22.06.2015 18:31:59
REPAIR.DLL     : 15.0.11.576   463608 Bytes  07.07.2015 19:01:32
REPAIR.RDF     : 1.0.8.60      946395 Bytes  06.07.2015 18:59:57
AVREG.DLL      : 15.0.11.550   276784 Bytes  22.06.2015 18:31:58
AVLODE.DLL     : 15.0.11.572   611632 Bytes  22.06.2015 18:31:57
AVLODE.RDF     : 14.0.4.72      79262 Bytes  08.07.2015 17:36:43
Bytes 29.06.2015 17:13:16 XBV00065.VDF : 8.11.243.138 33280 Bytes 30.06.2015 17:13:17 XBV00066.VDF : 8.11.243.146 30208 Bytes 30.06.2015 17:13:18 XBV00067.VDF : 8.11.243.152 14336 Bytes 30.06.2015 17:13:18 XBV00068.VDF : 8.11.243.158 3584 Bytes 30.06.2015 17:13:19 XBV00069.VDF : 8.11.243.170 33792 Bytes 30.06.2015 17:13:22 XBV00070.VDF : 8.11.243.176 2560 Bytes 30.06.2015 17:13:23 XBV00071.VDF : 8.11.243.184 29184 Bytes 30.06.2015 13:40:32 XBV00072.VDF : 8.11.243.186 15360 Bytes 30.06.2015 13:40:33 XBV00073.VDF : 8.11.243.188 10752 Bytes 30.06.2015 13:40:33 XBV00074.VDF : 8.11.243.192 85504 Bytes 01.07.2015 13:40:34 XBV00075.VDF : 8.11.243.194 2048 Bytes 01.07.2015 13:40:34 XBV00076.VDF : 8.11.243.196 2048 Bytes 01.07.2015 13:40:34 XBV00077.VDF : 8.11.243.198 2048 Bytes 01.07.2015 13:40:34 XBV00078.VDF : 8.11.243.200 12288 Bytes 01.07.2015 13:40:34 XBV00079.VDF : 8.11.243.234 47104 Bytes 01.07.2015 13:40:34 XBV00080.VDF : 8.11.244.42 33792 Bytes 01.07.2015 13:40:35 XBV00081.VDF : 8.11.244.74 42496 Bytes 01.07.2015 13:40:35 XBV00082.VDF : 8.11.244.106 23040 Bytes 01.07.2015 13:40:35 XBV00083.VDF : 8.11.244.142 17408 Bytes 01.07.2015 13:40:35 XBV00084.VDF : 8.11.244.148 59904 Bytes 02.07.2015 13:40:36 XBV00085.VDF : 8.11.244.152 2048 Bytes 02.07.2015 13:40:36 XBV00086.VDF : 8.11.244.154 8192 Bytes 02.07.2015 13:40:36 XBV00087.VDF : 8.11.244.156 5120 Bytes 02.07.2015 13:40:36 XBV00088.VDF : 8.11.244.158 3584 Bytes 02.07.2015 13:40:36 XBV00089.VDF : 8.11.244.160 3584 Bytes 02.07.2015 13:40:36 XBV00090.VDF : 8.11.244.164 34816 Bytes 02.07.2015 13:40:36 XBV00091.VDF : 8.11.244.166 2048 Bytes 02.07.2015 13:40:37 XBV00092.VDF : 8.11.244.170 32256 Bytes 02.07.2015 13:40:37 XBV00093.VDF : 8.11.244.172 4608 Bytes 02.07.2015 13:40:37 XBV00094.VDF : 8.11.244.174 7168 Bytes 02.07.2015 13:40:37 XBV00095.VDF : 8.11.244.198 9216 Bytes 03.07.2015 13:40:37 XBV00096.VDF : 8.11.244.218 29184 Bytes 03.07.2015 13:40:37 XBV00097.VDF : 8.11.244.220 2048 Bytes 03.07.2015 13:40:38 
XBV00098.VDF : 8.11.244.240 7168 Bytes 03.07.2015 13:40:38 XBV00099.VDF : 8.11.244.242 4096 Bytes 03.07.2015 13:40:38 XBV00100.VDF : 8.11.245.8 35840 Bytes 03.07.2015 15:43:18 XBV00101.VDF : 8.11.245.10 10752 Bytes 03.07.2015 18:37:46 XBV00102.VDF : 8.11.245.12 6144 Bytes 03.07.2015 18:37:46 XBV00103.VDF : 8.11.245.14 4608 Bytes 03.07.2015 17:57:02 XBV00104.VDF : 8.11.245.16 2048 Bytes 03.07.2015 17:57:02 XBV00105.VDF : 8.11.245.18 2048 Bytes 03.07.2015 17:57:02 XBV00106.VDF : 8.11.245.20 3072 Bytes 03.07.2015 17:57:03 XBV00107.VDF : 8.11.245.22 2048 Bytes 03.07.2015 17:57:03 XBV00108.VDF : 8.11.245.24 2048 Bytes 03.07.2015 17:57:03 XBV00109.VDF : 8.11.245.34 3072 Bytes 04.07.2015 17:57:03 XBV00110.VDF : 8.11.245.36 2048 Bytes 04.07.2015 17:57:03 XBV00111.VDF : 8.11.245.40 82944 Bytes 04.07.2015 17:57:03 XBV00112.VDF : 8.11.245.42 12288 Bytes 04.07.2015 17:57:03 XBV00113.VDF : 8.11.245.44 73216 Bytes 05.07.2015 17:27:50 XBV00114.VDF : 8.11.245.64 5120 Bytes 05.07.2015 17:27:50 XBV00115.VDF : 8.11.245.84 7680 Bytes 05.07.2015 17:27:50 XBV00116.VDF : 8.11.245.104 10752 Bytes 05.07.2015 17:27:51 XBV00117.VDF : 8.11.245.124 3072 Bytes 05.07.2015 17:27:51 XBV00118.VDF : 8.11.245.126 4096 Bytes 05.07.2015 17:27:51 XBV00119.VDF : 8.11.245.128 8192 Bytes 05.07.2015 17:27:51 XBV00120.VDF : 8.11.245.130 5120 Bytes 05.07.2015 17:27:51 XBV00121.VDF : 8.11.245.132 41472 Bytes 06.07.2015 18:59:13 XBV00122.VDF : 8.11.245.134 22528 Bytes 06.07.2015 18:59:13 XBV00123.VDF : 8.11.245.136 6144 Bytes 06.07.2015 18:59:14 XBV00124.VDF : 8.11.245.138 7680 Bytes 06.07.2015 18:59:14 XBV00125.VDF : 8.11.245.140 6656 Bytes 06.07.2015 18:59:14 XBV00126.VDF : 8.11.245.142 11776 Bytes 06.07.2015 18:59:14 XBV00127.VDF : 8.11.245.146 24064 Bytes 06.07.2015 18:59:15 XBV00128.VDF : 8.11.245.148 8704 Bytes 06.07.2015 18:59:15 XBV00129.VDF : 8.11.245.150 2048 Bytes 06.07.2015 18:59:15 XBV00130.VDF : 8.11.245.152 2048 Bytes 06.07.2015 18:59:15 XBV00131.VDF : 8.11.245.154 25600 Bytes 06.07.2015 18:59:16 
XBV00132.VDF : 8.11.245.158 19968 Bytes 06.07.2015 19:01:34 XBV00133.VDF : 8.11.245.178 7680 Bytes 06.07.2015 19:01:35 XBV00134.VDF : 8.11.245.196 2048 Bytes 06.07.2015 19:01:35 XBV00135.VDF : 8.11.245.214 3584 Bytes 06.07.2015 19:01:35 XBV00136.VDF : 8.11.245.234 8192 Bytes 07.07.2015 19:01:35 XBV00137.VDF : 8.11.245.252 2560 Bytes 07.07.2015 19:01:35 XBV00138.VDF : 8.11.245.254 2560 Bytes 07.07.2015 19:01:35 XBV00139.VDF : 8.11.246.0 2048 Bytes 07.07.2015 19:01:35 XBV00140.VDF : 8.11.246.2 11264 Bytes 07.07.2015 19:01:35 XBV00141.VDF : 8.11.246.4 2048 Bytes 07.07.2015 19:01:35 XBV00142.VDF : 8.11.246.8 34816 Bytes 07.07.2015 19:01:36 XBV00143.VDF : 8.11.246.10 2048 Bytes 07.07.2015 19:01:36 XBV00144.VDF : 8.11.246.12 20480 Bytes 07.07.2015 19:01:36 XBV00145.VDF : 8.11.246.14 4608 Bytes 07.07.2015 19:01:36 XBV00146.VDF : 8.11.246.18 38912 Bytes 07.07.2015 17:36:44 XBV00147.VDF : 8.11.246.20 18944 Bytes 07.07.2015 17:36:44 XBV00148.VDF : 8.11.246.22 18432 Bytes 07.07.2015 17:36:44 XBV00149.VDF : 8.11.246.24 5632 Bytes 07.07.2015 17:36:44 XBV00150.VDF : 8.11.246.28 26112 Bytes 08.07.2015 17:36:45 XBV00151.VDF : 8.11.246.30 3584 Bytes 08.07.2015 17:36:45 XBV00152.VDF : 8.11.246.32 8704 Bytes 08.07.2015 17:36:45 XBV00153.VDF : 8.11.246.34 11264 Bytes 08.07.2015 17:36:45 XBV00154.VDF : 8.11.246.52 2048 Bytes 08.07.2015 17:36:45 XBV00155.VDF : 8.11.246.70 18432 Bytes 08.07.2015 17:36:45 XBV00156.VDF : 8.11.246.108 53760 Bytes 08.07.2015 17:36:46 XBV00157.VDF : 8.11.246.126 4608 Bytes 08.07.2015 16:45:19 XBV00158.VDF : 8.11.246.128 2048 Bytes 08.07.2015 16:45:19 XBV00159.VDF : 8.11.246.130 3072 Bytes 08.07.2015 16:45:19 XBV00160.VDF : 8.11.246.132 2048 Bytes 08.07.2015 16:45:19 XBV00161.VDF : 8.11.246.134 2048 Bytes 08.07.2015 16:45:19 XBV00162.VDF : 8.11.246.136 2048 Bytes 08.07.2015 16:45:19 XBV00163.VDF : 8.11.246.140 7680 Bytes 09.07.2015 16:45:19 XBV00164.VDF : 8.11.246.144 33792 Bytes 09.07.2015 16:45:19 XBV00165.VDF : 8.11.246.146 31744 Bytes 09.07.2015 16:45:20 
XBV00166.VDF : 8.11.246.148 8704 Bytes 09.07.2015 16:45:20 XBV00167.VDF : 8.11.246.150 3072 Bytes 09.07.2015 16:45:20 XBV00168.VDF : 8.11.246.152 2048 Bytes 09.07.2015 16:45:20 XBV00169.VDF : 8.11.246.156 3584 Bytes 09.07.2015 16:45:20 XBV00170.VDF : 8.11.246.158 32256 Bytes 09.07.2015 16:45:20 XBV00171.VDF : 8.11.246.176 10240 Bytes 09.07.2015 18:45:37 XBV00172.VDF : 8.11.246.192 2048 Bytes 09.07.2015 18:45:37 XBV00173.VDF : 8.11.246.210 44544 Bytes 09.07.2015 15:41:38 XBV00174.VDF : 8.11.246.226 11776 Bytes 09.07.2015 15:41:38 XBV00175.VDF : 8.11.246.244 21504 Bytes 10.07.2015 15:41:39 XBV00176.VDF : 8.11.246.246 2560 Bytes 10.07.2015 15:41:39 XBV00177.VDF : 8.11.246.248 2560 Bytes 10.07.2015 15:41:39 XBV00178.VDF : 8.11.246.250 27136 Bytes 10.07.2015 15:41:39 XBV00179.VDF : 8.11.246.252 12800 Bytes 10.07.2015 15:41:39 XBV00180.VDF : 8.11.246.254 2560 Bytes 10.07.2015 15:41:39 XBV00181.VDF : 8.11.247.4 45568 Bytes 10.07.2015 17:42:06 XBV00182.VDF : 8.11.247.6 2048 Bytes 10.07.2015 17:42:06 XBV00183.VDF : 8.11.247.8 2048 Bytes 10.07.2015 17:42:06 XBV00184.VDF : 8.11.247.10 2048 Bytes 10.07.2015 17:42:06 XBV00185.VDF : 8.11.247.14 67072 Bytes 10.07.2015 17:39:25 XBV00186.VDF : 8.11.247.16 12288 Bytes 10.07.2015 17:39:25 XBV00187.VDF : 8.11.247.20 45056 Bytes 11.07.2015 17:39:25 XBV00188.VDF : 8.11.247.36 17408 Bytes 11.07.2015 17:39:25 XBV00189.VDF : 8.11.247.52 2048 Bytes 11.07.2015 17:39:25 XBV00190.VDF : 8.11.247.68 18944 Bytes 11.07.2015 17:39:25 XBV00191.VDF : 8.11.247.84 7680 Bytes 11.07.2015 17:39:25 XBV00192.VDF : 8.11.247.100 57856 Bytes 12.07.2015 17:39:25 XBV00193.VDF : 8.11.247.102 11776 Bytes 12.07.2015 17:39:25 XBV00194.VDF : 8.11.247.104 10240 Bytes 12.07.2015 17:39:25 XBV00195.VDF : 8.11.247.106 7680 Bytes 12.07.2015 17:39:25 XBV00196.VDF : 8.11.247.108 10240 Bytes 12.07.2015 17:39:25 XBV00197.VDF : 8.11.247.110 6144 Bytes 12.07.2015 17:39:25 XBV00198.VDF : 8.11.247.112 68608 Bytes 13.07.2015 07:00:18 XBV00199.VDF : 8.11.247.128 2048 Bytes 
13.07.2015 07:00:18
XBV00200.VDF : 8.11.247.142 10240 Bytes 13.07.2015 07:00:18
XBV00201.VDF : 8.11.247.144 2048 Bytes 13.07.2015 07:00:18
LOCAL001.VDF : 8.11.247.144 131170816 Bytes 13.07.2015 07:00:50
Engine version : 8.3.32.22
AEBB.DLL : 8.1.2.0 60448 Bytes 25.02.2015 16:53:34
AECORE.DLL : 8.3.7.2 249920 Bytes 22.06.2015 18:31:49
AEDROID.DLL : 8.4.3.302 1506160 Bytes 10.07.2015 15:41:37
AEEMU.DLL : 8.1.3.4 399264 Bytes 25.02.2015 16:53:34
AEEXP.DLL : 8.4.2.88 266296 Bytes 16.05.2015 13:47:10
AEGEN.DLL : 8.1.7.42 457576 Bytes 27.06.2015 08:51:17
AEHELP.DLL : 8.3.2.2 281456 Bytes 29.06.2015 17:34:41
AEHEUR.DLL : 8.1.4.1784 8551280 Bytes 10.07.2015 15:41:35
AEMOBILE.DLL : 8.1.8.2 303168 Bytes 10.07.2015 15:41:38
AEOFFICE.DLL : 8.3.1.44 404608 Bytes 10.07.2015 15:41:35
AEPACK.DLL : 8.4.0.82 792488 Bytes 29.06.2015 17:35:34
AERDL.DLL : 8.2.1.20 731040 Bytes 25.02.2015 16:53:34
AESBX.DLL : 8.2.21.0 1622072 Bytes 22.06.2015 18:31:53
AESCN.DLL : 8.3.2.10 142456 Bytes 16.05.2015 13:47:10
AESCRIPT.DLL : 8.2.2.82 534440 Bytes 10.07.2015 15:41:36
AEVDF.DLL : 8.3.1.6 133992 Bytes 25.02.2015 16:53:34
AVWINLL.DLL : 15.0.11.478 25904 Bytes 22.06.2015 18:31:49
AVPREF.DLL : 15.0.11.478 54216 Bytes 22.06.2015 18:31:58
AVREP.DLL : 15.0.11.478 220464 Bytes 22.06.2015 18:31:58
AVARKT.DLL : 15.0.11.478 228088 Bytes 22.06.2015 18:31:54
AVEVTLOG.DLL : 15.0.11.550 195320 Bytes 22.06.2015 18:31:56
SQLITE3.DLL : 15.0.11.478 455472 Bytes 22.06.2015 18:32:19
AVSMTP.DLL : 15.0.11.478 79096 Bytes 22.06.2015 18:32:00
NETNT.DLL : 15.0.11.478 16384 Bytes 22.06.2015 18:32:16
CommonImageRc.dll: 15.0.11.478 4279600 Bytes 22.06.2015 18:31:49
CommonTextRc.dll: 15.0.11.478 69936 Bytes 22.06.2015 18:31:49

Configuration for the current scan:
Job name..............................: Complete system scan
Configuration file....................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging...............................: standard
Primary action........................: Interactive
Secondary action......................: Ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:,
Scan active programs..................: on
Running programs extended.............: on
Scan registry.........................: on
Search for rootkits...................: on
System file integrity check...........: off
Check all files.......................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: extended

Start of scan: Monday, 13 July 2015 09:07

Starting scan of boot sectors:
Boot sector 'HDD0(C:)'
[INFO] No virus was found!

Starting scan for hidden objects.
Error in the ARK library

Starting scan of running processes:
Scanning process 'svchost.exe' - '47' module(s) scanned
Scanning process 'svchost.exe' - '31' module(s) scanned
Scanning process 'svchost.exe' - '103' module(s) scanned
Scanning process 'svchost.exe' - '201' module(s) scanned
Scanning process 'svchost.exe' - '80' module(s) scanned
Scanning process 'igfxCUIService.exe' - '40' module(s) scanned
Scanning process 'svchost.exe' - '132' module(s) scanned
Scanning process 'svchost.exe' - '77' module(s) scanned
Scanning process 'spoolsv.exe' - '76' module(s) scanned
Scanning process 'svchost.exe' - '82' module(s) scanned
Scanning process 'adminservice.exe' - '27' module(s) scanned
Scanning process 'mDNSResponder.exe' - '37' module(s) scanned
Scanning process 'CCDMonitorService.exe' - '37' module(s) scanned
Scanning process 'DptfParticipantProcessorService.exe' - '17' module(s) scanned
Scanning process 'dashost.exe' - '56' module(s) scanned
Scanning process 'DptfPolicyCriticalService.exe' - '17' module(s) scanned
Scanning process 'HeciServer.exe' - '26' module(s) scanned
Scanning process 'IntelTechnologyAccessService.exe' - '78' module(s) scanned
Scanning process 'RichVideo.exe' - '27' module(s) scanned
Scanning process 'svchost.exe' - '41' module(s) scanned
Scanning process 'EscSvc64.exe' - '26' module(s) scanned
Scanning process 'svchost.exe' - '26' module(s) scanned
Scanning process 'svchost.exe' - '62' module(s) scanned
Scanning process 'svchost.exe' - '51' module(s) scanned
Scanning process 'DllHost.exe' - '22' module(s) scanned
Scanning process 'PresentationFontCache.exe' - '36' module(s) scanned
Scanning process 'SearchIndexer.exe' - '63' module(s) scanned
Scanning process 'ePowerSvc.exe' - '52' module(s) scanned
Scanning process 'wmpnetwk.exe' - '78' module(s) scanned
Scanning process 'sched.exe' - '87' module(s) scanned
Scanning process 'avguard.exe' - '117' module(s) scanned
Scanning process 'avshadow.exe' - '29' module(s) scanned
Scanning process 'Avira.ServiceHost.exe' - '112' module(s) scanned
Scanning process 'dwm.exe' - '53' module(s) scanned
Scanning process 'Explorer.EXE' - '184' module(s) scanned
Scanning process 'taskhostex.exe' - '47' module(s) scanned
Scanning process 'igfxEM.exe' - '57' module(s) scanned
Scanning process 'igfxHK.exe' - '43' module(s) scanned
Scanning process 'igfxTray.exe' - '53' module(s) scanned
Scanning process 'BtvStack.exe' - '100' module(s) scanned
Scanning process 'ActivateDesktop.exe' - '37' module(s) scanned
Scanning process 'RAVCpl64.exe' - '48' module(s) scanned
Scanning process 'FMAPP.exe' - '47' module(s) scanned
Scanning process 'CCleaner64.exe' - '61' module(s) scanned
Scanning process 'flowsync.exe' - '74' module(s) scanned
Scanning process 'avgnt.exe' - '110' module(s) scanned
Scanning process 'PowerDVD14Agent.exe' - '113' module(s) scanned
Scanning process 'Avira.Systray.exe' - '124' module(s) scanned
Scanning process 'ePowerTray.exe' - '64' module(s) scanned
Scanning process 'igfxext.exe' - '53' module(s) scanned
Scanning process 'unsecapp.exe' - '43' module(s) scanned
Scanning process 'wmiprvse.exe' - '29' module(s) scanned
Scanning process 'ePowerEvent.exe' - '32' module(s) scanned
Scanning process 'ePowerWinMonitor.exe' - '22' module(s) scanned
Scanning process 'TrustedInstaller.exe' - '22' module(s) scanned
Scanning process 'TiWorker.exe' - '48' module(s) scanned
Scanning process 'avcenter.exe' - '111' module(s) scanned
Scanning process 'avscan.exe' - '113' module(s) scanned
Scanning process 'wmiprvse.exe' - '32' module(s) scanned
Scanning process 'vssvc.exe' - '39' module(s) scanned
Scanning process 'svchost.exe' - '30' module(s) scanned
Scanning process 'SearchProtocolHost.exe' - '36' module(s) scanned
Scanning process 'SearchFilterHost.exe' - '26' module(s) scanned
Scanning process 'wininit.exe' - '17' module(s) scanned
Scanning process 'lsass.exe' - '65' module(s) scanned
Scanning process 'winlogon.exe' - '25' module(s) scanned

Starting scan of references to executable files (registry):
The registry was scanned ( '1271' files ).

Starting scan of the selected files:

Starting search in 'C:\' <Acer>
C:\swapfile.sys
[WARNING] The file could not be opened!

End of scan: Monday, 13 July 2015 12:22
Time required: 3:14:58 hour(s)

The scan was completed in full.

38461 directories were checked
652825 files were checked
0 viruses or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
0 files were moved to quarantine
0 files were renamed
1 file could not be scanned
652824 files without infection
6561 archives were scanned
1 warning
0 notes
1049 objects were scanned during the rootkit scan
0 hidden objects were found

Kind regards
paralysis
14.07.2015, 13:08 | #2
/// the machine /// TB-Ausbilder

hi,

Please download AdwCleaner to your desktop.

Please close your protection software to avoid possible conflicts.

And a fresh FRST log, please.
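The full Avira scan above came back clean while Chrome kept opening ad windows; the adware in this kind of case lives in the browser profile rather than in a signed binary, which is why the next step in the thread is an adware-specific cleaner rather than another AV pass. The script below is an added example, not code from the thread or from AdwCleaner, JRT or FRST. It does read-only triage of the two profile files those tools later reset on this machine: the `keywords` table of Chrome's `Web Data` SQLite file (search providers) and the `Preferences` / `Secure Preferences` JSON (startup URLs, homepage, extension settings). Everything it treats as a signal is an assumption made for the example: the allowlist of search hosts, the list of affiliate query keys (taken from the provider URLs AdwCleaner removes later in the thread), the `Manifest::Location` values it counts as sideloads, the Chrome 43-era key layout of the preferences file, and the four-column stand-in for the real `keywords` schema. The sample rows are constructed: the defanged provider URLs and the extension id `fkjlohfdjcjhmfcabomglnciodlnplhk` are the ones that appear in this thread's AdwCleaner log, the Google row and all extension metadata are made up.

```python
# Added example (not from the thread or from AdwCleaner/JRT/FRST): read-only triage of
# a Chrome profile for hijacked search providers, planted startup URLs and sideloads.
import json
import sqlite3
from urllib.parse import parse_qs, urlparse

# Assumption: illustrative allowlist of hosts a legitimate search provider uses.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.de", "www.bing.com",
                      "duckduckgo.com", "search.yahoo.com", "de.search.yahoo.com"}
# Query keys partner-search redirectors use to tag traffic (lower-case); taken from
# the provider URLs AdwCleaner removes later in this thread. Indicators, not proof.
AFFILIATE_KEYS = {"hspart", "hsimp", "ctid", "octid", "affid", "mntrid", "barid", "partner"}
# Chrome Manifest::Location values for extensions the user did not install through
# the Web Store UI: 2/3 external pref/registry, 6 external pref download, 8 command line.
SIDELOAD_LOCATIONS = {2, 3, 6, 8}
STARTUP_OPEN_URLS = 4  # session.restore_on_startup: 1 last session, 4 URL list, 5 new tab

def _refang(url):
    # Forum logs defang http:// as hxxp://; undo it so urlparse sees a real scheme.
    return "http" + url[4:] if url.startswith("hxxp") else url

def affiliate_tags(url):
    """Sorted lower-case affiliate/partner query keys present in url."""
    query = urlparse(_refang(url)).query
    return sorted({k.lower() for k in parse_qs(query, keep_blank_values=True)} & AFFILIATE_KEYS)

def classify_search_url(url):
    """Reasons a search-provider template URL looks hijacked (empty list = fine)."""
    reasons, host, tags = [], urlparse(_refang(url)).netloc.lower(), affiliate_tags(url)
    if host not in KNOWN_SEARCH_HOSTS:
        reasons.append("host not in allowlist: " + host)
    if tags:
        reasons.append("affiliate/partner tags: " + ",".join(tags))
    if "{searchTerms}" not in url:
        reasons.append("no {searchTerms} placeholder")
    return reasons

def scan_web_data(conn):
    """Flag keywords rows whose template URL looks hijacked. Assumption: only the
    four columns used here are modelled in the sample schema below."""
    rows = conn.execute("SELECT id, short_name, keyword, url FROM keywords ORDER BY id")
    return [{"id": i, "name": n, "keyword": k, "url": u, "reasons": classify_search_url(u)}
            for i, n, k, u in rows if classify_search_url(u)]

def scan_preferences(prefs):
    """Report startup URLs/homepage for review and flag sideloaded extensions.
    Assumption: key layout of Chrome 43-era profile files."""
    findings, session = [], prefs.get("session", {})
    active = session.get("restore_on_startup") == STARTUP_OPEN_URLS
    pages = [("startup_url", u, active) for u in session.get("startup_urls", [])]
    if prefs.get("homepage") and not prefs.get("homepage_is_newtabpage", False):
        pages.append(("homepage", prefs["homepage"], True))
    for kind, url, is_active in pages:
        tags = affiliate_tags(url)
        findings.append({"kind": kind, "value": url, "active": is_active, "reasons":
                         ["affiliate/partner tags: " + ",".join(tags)] if tags else ["review: set in profile"]})
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        reasons = []
        if ext.get("location") in SIDELOAD_LOCATIONS:
            reasons.append("sideloaded (location=%d)" % ext["location"])
        if ext.get("from_webstore") is False:
            reasons.append("not from the Chrome Web Store")
        if reasons:
            findings.append({"kind": "extension", "value": ext_id, "reasons": reasons,
                             "name": ext.get("manifest", {}).get("name", "?")})
    return findings

# Constructed sample input. The six hxxp:// provider URLs and the extension id
# fkjlohfdjcjhmfcabomglnciodlnplhk are the ones AdwCleaner removes later in this
# thread; the Google row and all extension metadata are made up for the demo.
SAMPLE_KEYWORDS = [
    (1, "Google", "google.com", "https://www.google.com/search?q={searchTerms}"),
    (2, "Yahoo", "yahoo.com", "hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}"),
    (3, "SweetIM", "sweetim.com", "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005?&barid={BD7E9393-7E52-11E1-929B-E839DF8C46B0}"),
    (4, "Trovi", "trovi.com", "hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332152&octid=EB_ORIGINAL_CTID&ISID=M3D292828-9D3B-4670-9AA8-659F424D3129&SearchSource=58&CUI=&UM=6&UP=SP734E44FE-9C45-47BB-B43D-D6DB065B03B6&q={searchTerms}&SSPV="),
    (5, "Babylon", "babylon.com", "hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3812_3&babsrc=SP_ss&mntrId=56ea201800000000000018f46a8303b5"),
    (6, "homepage-web", "homepage-web.com", "hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}"),
    (7, "Softonic", "softonic.de", "hxxp://www.softonic.de/s/{searchTerms}"),
]
SAMPLE_PREFS = {
    "session": {"restore_on_startup": 5, "startup_urls": ["hxxp://homepage-web.com/?s=acer&m=start"]},
    "extensions": {"settings": {
        "aohghmighlieiainnegkcijnfilokake": {"location": 1, "from_webstore": True, "manifest": {"name": "Google Docs"}},
        "fkjlohfdjcjhmfcabomglnciodlnplhk": {"location": 3, "from_webstore": False, "manifest": {"name": "(unknown)"}},
    }},
}

def build_sample_db():
    """In-memory stand-in for a Chrome Web Data file holding the sample keywords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE keywords (id INTEGER PRIMARY KEY, short_name TEXT, keyword TEXT, url TEXT)")
    conn.executemany("INSERT INTO keywords VALUES (?, ?, ?, ?)", SAMPLE_KEYWORDS)
    return conn

def triage(conn, prefs):
    return {"search_providers": scan_web_data(conn), "preferences": scan_preferences(prefs)}

if __name__ == "__main__":
    print(json.dumps(triage(build_sample_db(), SAMPLE_PREFS), indent=2))
```

On a live machine the inputs are `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Web Data` (copy it first, Chrome keeps it locked) opened with `sqlite3.connect`, and `Preferences` / `Secure Preferences` from the same folder loaded with `json.load`. The script only reads: `Secure Preferences` carries per-key HMACs and the `super_mac` seen in the AdwCleaner dump later in this thread, so hand-editing that file gets the edited keys reset by Chrome; repairs belong in Chrome's settings UI or a cleanup tool. A profile that is synced, as this poster's is, will also pull hijacked settings back from the account unless sync is cleared, which is worth keeping in mind when the same pop-ups appear on two machines.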
14.07.2015, 14:00 | #3

Hello schrauber,

thanks for the quick help. Here are the requested logfiles:

AdwCleaner
Code:
# AdwCleaner v4.208 - Report created 14/07/2015 at 14:25:57
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 8.1 Connected (x64)
# Username : mar-sch - MARSCH
# Started from : C:\Users\mar-sch\Desktop\AdwCleaner_4.208.exe
# Option : Delete

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\pokki
Folder Deleted : C:\Users\mar-sch\AppData\Local\pokki
Folder Deleted : C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjlohfdjcjhmfcabomglnciodlnplhk
File Deleted : C:\Users\mar-sch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
File Deleted : C:\Users\mar-sch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\Pokki
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v37.0.2 (x86 de)

-\\ Google Chrome v43.0.2357.132

[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005?&barid={BD7E9393-7E52-11E1-929B-E839DF8C46B0}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332152&octid=EB_ORIGINAL_CTID&ISID=M3D292828-9D3B-4670-9AA8-659F424D3129&SearchSource=58&CUI=&UM=6&UP=SP734E44FE-9C45-47BB-B43D-D6DB065B03B6&q={searchTerms}&SSPV=
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3812_3&babsrc=SP_ss&mntrId=56ea201800000000000018f46a8303b5
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : AB04992F414891D52D1B92B02BDE6A91116EECB6DFC6A5853DA859F518ACBDF2"},"software_reporter":{"prompt_reason":"8B25A20CEC0261594B7C16AC0CE3349F85F7FB65ECD6B8922A93D69418A760CE","prompt_seed":"6EBF1C29AF192DD074911818EF8C3DA1152B8AD541C3CA6447544D6AC6CAEF4C","prompt_version":"16A423013D4C27C4B3255CCCB0569D0614BD92002DFEDECC3536662A29484560"},"sync":{"remaining_rollback_tries":"25C5A6040401B160BE6EE619AF746DBF6970E1EEB75317D759CD73723F65B01A"}},"super_mac":"78D988190804444FB61855553C495C4E41FE5CCED6CD634591B0BB71E2F7D142"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://homepage-web.com/?s=acer&m=start

*************************

AdwCleaner[R0].txt - [10695 Bytes] - [14/07/2015 14:23:59]
AdwCleaner[S0].txt - [4545 Bytes] - [14/07/2015 14:25:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4604 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Windows 8.1 Connected x64
Ran by mar-sch on 14.07.2015 at 14:37:53,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: 
[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2015 at 14:42:20,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by mar-sch (administrator) on MARSCH on 14-07-2015 14:45:34
Running from C:\Users\mar-sch\Desktop
Loaded Profiles: mar-sch (Available Profiles: mar-sch)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55

FireFox:
========
FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome:
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Facebook Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09]
CHR Extension: (YouTube) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Google Search) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-03-09]
CHR Extension: (Google Sheets) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-09]
CHR Extension: (Avira Browser Safety) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2015-03-09]
CHR Extension: (Session Manager) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2015-03-09]
CHR Extension: (Instagram Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccijgeciailcjildclhbjgakoemgjjg [2015-06-23]
CHR Extension: (Gmail) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG) S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated) S2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation) S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation) S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 Intel(R) TechnologyAccessService; C:\Program 
Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] () S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. 
KG) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation) S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation) S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation) S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation) R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation) S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation) S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation) R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation) S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation) R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation) R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation) S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R3 SynRMIHID; 
C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-14 14:42 - 2015-07-14 14:42 - 00001068 _____ C:\Users\mar-sch\Desktop\JRT.txt 2015-07-14 14:38 - 2015-07-14 14:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARSCH-Windows-8.1-Connected-(64-bit).dat 2015-07-14 14:38 - 2015-07-14 14:38 - 00000000 ____D C:\RegBackup 2015-07-14 14:35 - 2015-07-14 14:35 - 00004692 _____ C:\Users\mar-sch\Desktop\AdwCleaner[S0].txt 2015-07-14 14:23 - 2015-07-14 14:34 - 00000000 ____D C:\AdwCleaner 2015-07-14 14:20 - 2015-07-14 14:20 - 03034266 _____ (Malwarebytes Corporation) C:\Users\mar-sch\Desktop\JRT.exe 2015-07-14 14:18 - 2015-07-14 14:18 - 02248704 _____ C:\Users\mar-sch\Desktop\AdwCleaner_4.208.exe 2015-07-14 13:37 - 2015-07-13 23:22 - 00009636 _____ C:\Users\mar-sch\Documents\Unbenannt%201.odt_0.odt 2015-07-14 13:08 - 2015-07-14 13:08 - 00002231 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-14 13:08 - 2015-07-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-14 13:07 - 2015-07-14 14:33 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-14 13:07 - 2015-07-14 14:18 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-14 13:07 - 2015-07-14 13:13 - 00004104 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-14 13:04 - 2015-07-14 13:04 - 00000000 __SHD C:\Users\mar-sch\AppData\Local\EmieBrowserModeList 2015-07-13 23:07 - 2015-07-13 23:07 - 00000094 ____H C:\Users\mar-sch\Desktop\.~lock.Unbenannt 1.odt# 2015-07-13 22:48 - 2015-07-13 22:48 - 00000601 _____ C:\Users\mar-sch\Desktop\AVSCAN-20150713-090713-6C9DE0FD - Verknüpfung.lnk 2015-07-13 22:11 - 2015-07-13 22:11 - 00005601 _____ C:\Users\mar-sch\Desktop\Gmer.txt 2015-07-13 20:32 - 2015-07-13 20:32 - 00002700 _____ C:\Users\mar-sch\Desktop\malwarebytes.txt 2015-07-13 19:55 - 2015-07-14 14:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-13 19:54 - 2015-07-13 19:54 - 00001078 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-07-13 19:54 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-13 19:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-13 19:54 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-13 19:51 - 2015-07-13 19:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\mar-sch\Desktop\mbam-setup-2.1.8.1057.exe 2015-07-13 19:46 - 2015-07-13 19:46 - 00380416 _____ C:\Users\mar-sch\Desktop\Gmer-19357.exe 2015-07-13 12:27 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\Desktop\AVSCAN-20150713-090713-6C9DE0FD.LOG 2015-07-13 12:26 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\AVSCAN-20150713-090713-6C9DE0FD.LOG 2015-07-12 22:53 - 2015-07-12 22:54 - 00027844 _____ 
C:\Users\mar-sch\Desktop\Addition.txt 2015-07-12 22:51 - 2015-07-14 14:45 - 00015588 _____ C:\Users\mar-sch\Desktop\FRST.txt 2015-07-12 22:50 - 2015-07-14 14:45 - 00000000 ____D C:\FRST 2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe 2015-07-12 22:48 - 2015-07-12 22:48 - 00000476 _____ C:\Users\mar-sch\Desktop\defogger_disable.log 2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable 2015-07-12 22:47 - 2015-07-12 22:47 - 00009573 _____ C:\Users\mar-sch\Desktop\Unbenannt 1.odt 2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db 2015-07-12 22:45 - 2015-07-12 22:45 - 00050477 _____ C:\Users\mar-sch\Desktop\Defogger.exe 2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache 2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek 2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre 2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2 2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi 2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk 2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom 2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V 2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect 2015-06-27 12:59 - 
2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe 2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess 2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk 2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar 2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple 2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour 2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar 2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe 2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird 2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird 2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-14 14:38 - 2015-03-09 18:17 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001 2015-07-14 14:36 - 2014-10-27 16:51 - 01060345 _____ C:\Windows\WindowsUpdate.log 2015-07-14 14:28 - 2015-03-15 10:34 - 00006062 _____ C:\Windows\setupact.log 2015-07-14 14:28 - 2015-03-15 10:33 - 00242698 _____ C:\Windows\PFRO.log 2015-07-14 14:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-14 14:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-07-14 13:13 - 2015-03-09 18:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-14 13:08 - 2015-03-09 18:31 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-14 13:07 - 2015-03-09 18:30 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Deployment 2015-07-13 12:26 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch 2015-07-10 17:52 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira 2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache 2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF 2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat 2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat 2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-27 13:25 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-06-23 19:42 - 2015-03-09 18:23 - 00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps 2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira 2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ 
(Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys ==================== Files in the root of some directories ======= 2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\mar-sch\AppData\Local\Temp\AcerPortalSetup.exe C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe C:\Users\mar-sch\AppData\Local\Temp\Intel_Technology_Access_Software.exe C:\Users\mar-sch\AppData\Local\Temp\mccspuninstall.exe C:\Users\mar-sch\AppData\Local\Temp\Quarantine.exe C:\Users\mar-sch\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-08 17:56 ==================== End of log ============================ |
15.07.2015, 08:42 | #4 |
/// the machine /// TB-Ausbilder | Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, Guides and help, Trojaner-Board Facebook page. No help via PM! |
15.07.2015, 15:06 | #5 |
| Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other
Hello schrauber, here are the requested files.
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=aee1e1b56d48a647a4c119defd4d55cf # end=init # utc_time=2015-07-15 11:13:06 # local_time=2015-07-15 01:13:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 24809 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=aee1e1b56d48a647a4c119defd4d55cf # end=updated # utc_time=2015-07-15 11:17:55 # local_time=2015-07-15 01:17:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=aee1e1b56d48a647a4c119defd4d55cf # engine=24809 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-07-15 12:52:02 # local_time=2015-07-15 02:52:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 10640787 41781490 0 0 # scanned=212060 # found=0 # cleaned=0 # scan_time=5646 Code:
ATTFilter Results of screen317's Security Check version 1.004 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Windows Defender Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` McAfee SiteAdvisor Mozilla Firefox 37.0.2 Firefox out of Date! Mozilla Thunderbird (38.0.1) Google Chrome (43.0.2357.132) Google Chrome (43.0.2357.134) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015 Ran by mar-sch (administrator) on MARSCH on 15-07-2015 15:23:58 Running from C:\Users\mar-sch\Desktop Loaded Profiles: mar-sch (Available Profiles: mar-sch) Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation) HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications) HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd) HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55 FireFox: ======== FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] () FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome:
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
S2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 15:23 - 2015-07-15 15:24 - 00014329 _____ C:\Users\mar-sch\Desktop\FRST.txt
2015-07-15 15:23 - 2015-07-15 15:23 - 00000855 _____ C:\Users\mar-sch\Desktop\checkup.txt
2015-07-15 13:08 - 2015-07-15 13:08 - 00852662 _____ C:\Users\mar-sch\Desktop\SecurityCheck.exe
2015-07-15 13:07 - 2015-07-15 13:07 - 02870984 _____ (ESET) C:\Users\mar-sch\Desktop\esetsmartinstaller_deu.exe
2015-07-14 18:34 - 2015-07-15 15:23 - 00000000 ____D C:\Users\mar-sch\Desktop\Neuer Ordner
2015-07-14 14:38 - 2015-07-14 14:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARSCH-Windows-8.1-Connected-(64-bit).dat
2015-07-14 14:38 - 2015-07-14 14:38 - 00000000 ____D C:\RegBackup
2015-07-14 14:23 - 2015-07-14 14:35 - 00000000 ____D C:\AdwCleaner
2015-07-14 13:37 - 2015-07-13 23:22 - 00009636 _____ C:\Users\mar-sch\Documents\Unbenannt%201.odt_0.odt
2015-07-14 13:08 - 2015-07-14 18:24 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 13:08 - 2015-07-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-14 13:07 - 2015-07-15 15:18 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 13:07 - 2015-07-15 13:18 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 13:07 - 2015-07-14 13:13 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 13:04 - 2015-07-14 13:04 - 00000000 __SHD C:\Users\mar-sch\AppData\Local\EmieBrowserModeList
2015-07-13 23:07 - 2015-07-13 23:07 - 00000094 ____H C:\Users\mar-sch\Desktop\.~lock.Unbenannt 1.odt#
2015-07-13 19:55 - 2015-07-14 14:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-13 19:54 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 12:26 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\AVSCAN-20150713-090713-6C9DE0FD.LOG
2015-07-12 22:50 - 2015-07-15 15:24 - 00000000 ____D C:\FRST
2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe
2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable
2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db
2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache
2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek
2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre
2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2
2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi
2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-27 12:59 - 2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe
2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar
2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe
2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 15:13 - 2014-10-27 16:51 - 01314534 _____ C:\Windows\WindowsUpdate.log
2015-07-15 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-15 14:59 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-14 18:46 - 2015-03-09 18:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001
2015-07-14 14:28 - 2015-03-15 10:34 - 00006062 _____ C:\Windows\setupact.log
2015-07-14 14:28 - 2015-03-15 10:33 - 00242698 _____ C:\Windows\PFRO.log
2015-07-14 14:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 13:13 - 2015-03-09 18:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 13:08 - 2015-03-09 18:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-14 13:07 - 2015-03-09 18:30 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Deployment
2015-07-13 12:26 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch
2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat
2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat
2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-27 13:25 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-23 19:42 - 2015-03-09 18:23 - 00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps
2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\mar-sch\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe
C:\Users\mar-sch\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\mar-sch\AppData\Local\Temp\mccspuninstall.exe
C:\Users\mar-sch\AppData\Local\Temp\Quarantine.exe
C:\Users\mar-sch\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-08 17:56

==================== End of log ============================

After the first runs of AdwCleaner and Junkware Removal the problems were fixed. Since then no windows have opened on their own. Thanks again for your help. |
16.07.2015, 07:39 | #6 |
/// the machine /// TB-Ausbilder | Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other things Do you have anything to do with the USA? There is still an IP that leads to Illinois.
__________________ --> Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other things |
16.07.2015, 08:23 | #7 |
| Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other things Hello schrauber, I have nothing to do with the USA. I wouldn't know where that comes from. |
16.07.2015, 10:09 | #8 |
/// the machine /// TB-Ausbilder | Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other things Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory in which FRST is located).
A fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
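Added example, not part of the thread and not FRST's or schrauber's own code: the check behind the fixlist above, carried out in Python over the three Tcpip lines from this thread's FRST logs. A per-interface DhcpNameServer that is a public address, or that differs from the router's global resolver, is flagged, and the flagged lines are turned into a fixlist in the format used in the post; the function names and the empty default allow list are assumptions of this example.

```python
import ipaddress
import re
from typing import List, NamedTuple, Sequence, Tuple

# Sample input: the three Tcpip lines as they stand in this thread's FRST logs
# (the router's 192.168.0.1 entries and the 40.30.1.55 entry the fixlist removed).
SAMPLE_FRST_LINES = [
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.0.1",
    r"Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1",
    r"Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55",
]

# FRST prints one resolver entry per line: the global Tcpip\Parameters value, or a
# per-interface value keyed by the adapter GUID. Several servers are space separated.
_DNS_LINE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\})"
    r":\s*\[(?P<key>DhcpNameServer|NameServer)\]\s*(?P<servers>.*)$"
)


class DnsEntry(NamedTuple):
    scope: str                # "global" or the interface GUID
    key: str                  # DhcpNameServer (assigned by DHCP) or NameServer (static)
    servers: Tuple[str, ...]
    raw: str                  # the original FRST line, reused verbatim in the fixlist


def parse_dns_entries(lines: Sequence[str]) -> List[DnsEntry]:
    """Pick the Tcpip resolver lines out of an FRST log; every other line is skipped."""
    entries = []
    for line in lines:
        m = _DNS_LINE.match(line.strip())
        if not m:
            continue
        entries.append(DnsEntry(m.group("guid") or "global", m.group("key"),
                                tuple(m.group("servers").split()), line.strip()))
    return entries


def is_expected_resolver(ip_text: str, trusted: Sequence[str] = ()) -> bool:
    """On a home network the DHCP-assigned resolver is the router, i.e. a private
    (RFC 1918), loopback or link-local address. A public address is unexpected
    unless the caller allow-lists it (a resolver the user chose deliberately)."""
    if ip_text in trusted:
        return True
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False          # not an IP address at all: treat as unexpected
    return ip.is_private or ip.is_loopback or ip.is_link_local


def suspicious_dns_entries(lines: Sequence[str],
                           trusted: Sequence[str] = ()) -> List[Tuple[DnsEntry, str]]:
    """Return (entry, reason) pairs for resolver lines worth a second look: a public
    resolver, or a per-interface resolver that does not match the global one.
    The second rule is what singles out the stray interface entry in this thread."""
    entries = parse_dns_entries(lines)
    global_servers = {s for e in entries if e.scope == "global" for s in e.servers}
    findings = []
    for e in entries:
        reasons = []
        public = [s for s in e.servers if not is_expected_resolver(s, trusted)]
        if public:
            reasons.append("non-private resolver " + ", ".join(public))
        if e.scope != "global" and global_servers and not set(e.servers) & global_servers:
            reasons.append("differs from global resolver " + ", ".join(sorted(global_servers)))
        if reasons:
            findings.append((e, "; ".join(reasons)))
    return findings


def build_fixlist(findings: Sequence[Tuple[DnsEntry, str]]) -> List[str]:
    """Fixlist in the form used in the post above: the flagged FRST lines copied
    verbatim (the log's own header says a listed registry item is removed or
    restored to default) followed by Emptytemp:."""
    return [e.raw for e, _ in findings] + ["Emptytemp:"]


if __name__ == "__main__":
    hits = suspicious_dns_entries(SAMPLE_FRST_LINES)
    for entry, reason in hits:
        print(f"{entry.scope}: {' '.join(entry.servers)}  <- {reason}")
    print("\n".join(build_fixlist(hits)))
```

Run against a full FRST.txt, every line is fed through parse_dns_entries, so the non-Tcpip sections are ignored; pass the resolvers the user chose on purpose as trusted to keep them out of the findings.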
16.07.2015, 11:41 | #9 |
| Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other things Here is the new FRST log
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by mar-sch (administrator) on MARSCH on 16-07-2015 11:47:19
Running from C:\Users\mar-sch\Desktop
Loaded Profiles: mar-sch (Available Profiles: mar-sch)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome:
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 11:47 - 2015-07-16 11:47 - 00015206 _____ C:\Users\mar-sch\Desktop\FRST.txt
2015-07-15 15:25 - 2015-07-15 15:26 - 00034294 _____ C:\Users\mar-sch\Desktop\Addition.txt
2015-07-14 18:34 - 2015-07-16 11:41 - 00000000 ____D C:\Users\mar-sch\Desktop\Neuer Ordner
2015-07-14 14:38 - 2015-07-14 14:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARSCH-Windows-8.1-Connected-(64-bit).dat
2015-07-14 14:38 - 2015-07-14 14:38 - 00000000 ____D C:\RegBackup
2015-07-14 14:23 - 2015-07-14 14:35 - 00000000 ____D C:\AdwCleaner
2015-07-14 13:37 - 2015-07-13 23:22 - 00009636 _____ C:\Users\mar-sch\Documents\Unbenannt%201.odt_0.odt
2015-07-14 13:08 - 2015-07-14 18:24 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 13:08 - 2015-07-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-14 13:07 - 2015-07-16 11:45 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 13:07 - 2015-07-16 11:24 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 13:07 - 2015-07-16 09:19 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 13:04 - 2015-07-14 13:04 - 00000000 __SHD C:\Users\mar-sch\AppData\Local\EmieBrowserModeList
2015-07-13 23:07 - 2015-07-13 23:07 - 00000094 ____H C:\Users\mar-sch\Desktop\.~lock.Unbenannt 1.odt#
2015-07-13 19:55 - 2015-07-14 14:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-13 19:54 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 12:26 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\AVSCAN-20150713-090713-6C9DE0FD.LOG
2015-07-12 22:50 - 2015-07-16 11:47 - 00000000 ____D C:\FRST
2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe
2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable
2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db
2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache
2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek
2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre
2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2
2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi
2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-27 12:59 - 2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe
2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar
2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe
2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 11:44 - 2015-03-15 10:34 - 00006178 _____ C:\Windows\setupact.log
2015-07-16 11:44 - 2015-03-15 10:33 - 00243532 _____ C:\Windows\PFRO.log
2015-07-16 11:44 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 11:44 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-16 11:43 - 2014-10-27 16:51 - 01395573 _____ C:\Windows\WindowsUpdate.log
2015-07-16 11:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-16 09:19 - 2015-03-09 18:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 14:59 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-14 18:46 - 2015-03-09 18:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001
2015-07-14 13:08 - 2015-03-09 18:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-14 13:07 - 2015-03-09 18:30 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Deployment
2015-07-13 12:26 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch
2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat
2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat
2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 19:42 - 2015-03-09 18:23 -
00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps 2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira 2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys ==================== Files in the root of some directories ======= 2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-08 17:56 ==================== End of log ============================ |
17.07.2015, 07:16 | #10 |
/// the machine /// TB-Ausbilder |
Cleanup: (the order matters here)
If Defogger was used: run it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs that were used and the quarantine of our scanners, clears the Java cache, and finally deletes itself. Finally, restart your computer. If any programs from our cleanup are still left, you can delete them without hesitation. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Securing the system:
Enable automatic updates in Windows. Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security holes in their old versions are exploited to install malware "drive-by", simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always current signature database. My recommendation: Emsisoft. Additionally, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. Using a whitelist, you can specify on which sites scripts should be allowed. Malwarebytes Anti-Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware, it is best to uninstall it first and then remove the leftovers with AdwCleaner.
Finally, a few general remarks: change your important online passwords regularly, and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
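The hardening checklist in the reply above (automatic updates, firewall, real-time antivirus with current signatures, current versions of browser, Java, Flash and PDF reader) as an added audit script; this is not part of the thread or of any tool mentioned in it. It assumes a Windows 8.1 or later host with the standard NetSecurity and CimCmdlets modules, an elevated PowerShell session, and the commonly documented but unofficial Security Center productState layout.

```powershell
# Added example (not from the thread): audit the hardening points recommended above.
function Get-HardeningReport {
    $report = [ordered]@{}

    # 1. Automatic updates: service should be running and AUOptions = 4 (download and install automatically)
    $auKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue
    $report['WindowsUpdateService'] = (Get-Service -Name wuauserv).Status
    $report['AutoUpdateMode'] = if ($au -and $au.AUOptions) { $au.AUOptions } else { 'not set (policy or default)' }

    # 2. Firewall: all three profiles (Domain, Private, Public) should be enabled; list any that are not
    $report['FirewallDisabledProfiles'] = @(Get-NetFirewallProfile |
        Where-Object { -not $_.Enabled } | ForEach-Object { $_.Name })

    # 3. Antivirus products registered with Security Center (Avira, Emsisoft, Defender, ...).
    #    productState decoding is the commonly documented, unofficial layout (assumption):
    #    0x1000 set = real-time protection on, 0x10 set = signatures out of date.
    $report['Antivirus'] = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.displayName
                RealTime  = ($_.productState -band 0x1000) -ne 0
                OutOfDate = ($_.productState -band 0x10) -ne 0
            }
        })

    # 4. Installed versions of the software the reply says must be kept current
    $uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $report['UpdateSensitiveSoftware'] = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|Flash|Adobe Reader|Acrobat|Foxit|Chrome|Firefox' } |
        Select-Object DisplayName, DisplayVersion)

    [pscustomobject]$report
}

Get-HardeningReport | Format-List
```

Compare the listed versions against the vendors' current releases by hand; the script reports what is installed, it does not judge whether a version is current.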