Trojaner-Board > Remove malware > Log analysis and evaluation

Log analysis and evaluation: Windows 8: Web Search

If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.02.2015, 12:43   #1
Apfeltee

Windows 8: Web Search



Since I logged my laptop onto the Internet this morning, a different start page has been displayed (homepage-web.c om/?s=acer&m=tab - it gets blocked by NoScript), and the Firefox search bar had also been switched to Web Search. I'm worried because I also use online banking. The last time I was online was on 30.01. As AVP I currently use only Mbam, so I ran a scan right away; the second time nothing was found.
I don't use CD/DVD emulators, so I skipped Defogger. All the other logs are attached.
I have replaced my real name in the logs.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 02.02.2015
Scan Time: 10:28:09
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.02.01
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sumatra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338975
Time Elapsed: 29 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.WebSearch.A, C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\searchplugins\Web Search.xml, Quarantined, [06a3ab6e2169b5816047bd0224dff60a], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sumatra (administrator) on Sumatra on 02-02-2015 11:35:46
Running from C:\Users\Sumatra\Desktop
Loaded Profiles: Sumatra (Available profiles: Sumatra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Pokki) C:\Users\Sumatra\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Nori\Nori.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Pokki) C:\Users\Sumatra\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Sumatra\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Mobile Connection Manager] => C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe [4063096 2011-05-19] (Telefónica I+D)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b13-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b60-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b9c-ecc0-11e3-825c-001e101f8ffa} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {08f02c0d-eca5-11e3-825b-001e101f211e} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83744-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83776-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968819-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968861-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {464d2b6f-eb45-11e3-8259-001e101f7565} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {5c7a7c86-8d02-11e4-827a-f8a963013b3f} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {a195ae4a-ed5c-11e3-825d-001e101fcff6} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {e4732511-08f6-11e4-8262-001e101f8028} - "G:\LGAutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b28-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b61-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> DefaultScope {3B3FDE64-AABD-11E4-827D-001E101F91FC} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {3B3FDE64-AABD-11E4-827D-001E101F91FC} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {B59DE900-277F-4C28-A61F-A21746BFDF7B} URL = 
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Tcpip\..\Interfaces\{1549B2F3-F34C-41B3-B6D1-0772592CC7A8}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Extension: WOT - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-03]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-22]
FF Extension: Ghostery - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\firefox@ghostery.com.xpi [2014-06-03]
FF Extension: Flagfox - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-03]
FF Extension: NoScript - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-03]
FF Extension: Adblock Plus - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-26] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 0172021397289991mcinstcleanup; C:\Windows\TEMP\017202~1.EXE -cleanup -nolog [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 11:34 - 2015-02-02 11:35 - 00026647 _____ () C:\Users\Sumatra\Desktop\Addition.txt
2015-02-02 11:32 - 2015-02-02 11:36 - 00013821 _____ () C:\Users\Sumatra\Desktop\FRST.txt
2015-02-02 11:32 - 2015-02-02 11:35 - 00000000 ____D () C:\FRST
2015-02-02 11:06 - 2015-02-02 11:06 - 00380416 _____ () C:\Users\Sumatra\Desktop\Gmer-19357.exe
2015-02-02 11:04 - 2015-02-02 11:04 - 02131456 _____ (Farbar) C:\Users\Sumatra\Desktop\FRST64.exe
2015-02-02 11:00 - 2015-02-02 11:00 - 00001212 _____ () C:\Users\Sumatra\Desktop\mbam.txt
2015-01-26 22:43 - 2015-01-26 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 20:55 - 2015-01-24 20:55 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-18 11:24 - 2015-01-18 11:24 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-14 19:54 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:54 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:54 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 19:54 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 19:54 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:54 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 19:54 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 19:54 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 19:54 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 19:54 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 09:37 - 2015-01-13 09:42 - 112542032 _____ () C:\Users\Sumatra\Downloads\Filmmusikaufgabe(1).mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2014-04-12 08:03 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2014-04-12 08:03 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-02-02 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-02 10:55 - 2014-12-30 19:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 10:42 - 2014-04-12 07:38 - 01241741 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 10:29 - 2014-04-12 09:12 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1196241175-82218636-2219243927-1001
2015-02-02 10:28 - 2014-06-11 17:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 10:25 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Pokki
2015-02-02 10:23 - 2014-06-03 09:20 - 00002304 _____ () C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-01 23:12 - 2014-06-04 18:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Bilder
2015-01-30 16:46 - 2014-04-12 17:21 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-01-30 16:46 - 2014-04-12 17:21 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-01-30 16:46 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 15:10 - 2013-08-22 15:46 - 00034697 _____ () C:\Windows\setupact.log
2015-01-30 15:10 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 15:09 - 2014-06-03 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 15:09 - 2013-11-27 10:49 - 00064030 _____ () C:\Windows\PFRO.log
2015-01-30 11:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 20:00 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 21:26 - 2014-06-14 16:51 - 00000000 ____D () C:\Users\Sumatra\Desktop\Schule
2015-01-24 21:20 - 2014-08-16 11:37 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-08-16 11:37 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 20:56 - 2014-12-30 19:03 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 19:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-20 19:01 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Genymobile
2015-01-20 18:59 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\.VirtualBox
2015-01-16 13:01 - 2014-12-15 13:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Elefanten
2015-01-14 20:23 - 2014-06-03 14:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:17 - 2014-06-03 14:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 19:59 - 2014-06-11 17:08 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 11:28 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra

==================== Files in the root of some directories =======

2014-04-12 08:04 - 2014-04-12 08:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Sumatra\AppData\Local\Temp\binkw32.dll
C:\Users\Sumatra\AppData\Local\Temp\C78F.exe
C:\Users\Sumatra\AppData\Local\Temp\COMAP.EXE
C:\Users\Sumatra\AppData\Local\Temp\d2l_Install.exe
C:\Users\Sumatra\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Sumatra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpihiotu.dll
C:\Users\Sumatra\AppData\Local\Temp\install_flashplayer16x32_mssa_aaa_aih.exe
C:\Users\Sumatra\AppData\Local\Temp\InstStub.exe
C:\Users\Sumatra\AppData\Local\Temp\oct11D1.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct2911.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct3262.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct32B9.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct4E88.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct8BBE.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct9545.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octC97F.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octED12.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octF6D6.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\ResetDevice.exe
C:\Users\Sumatra\AppData\Local\Temp\_isF631.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-01 14:17

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Sumatra at 2015-02-02 11:37:15
Running from C:\Users\Sumatra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3006 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3104.3 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3104.6 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3104 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8101 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
ArcaniA - Gothic 4 (HKLM-x32\...\ArcaniA) (Version:  - JoWooD Entertainment AG)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
Host App Service (HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Pokki) (Version: 0.269.5.460 - Pokki)
HUAWEI DataCard Driver 4.20.12.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.20.12.00 - Huawei technologies Co., Ltd.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3349 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}) (Version: 9.10.0223 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pokki Start Menu (HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1196241175-82218636-2219243927-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sumatra\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

18-01-2015 11:19:04 Installed LG USB Modem Drivers.
24-01-2015 12:34:17 Windows Update
28-01-2015 16:27:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {239D4282-CB3F-48A8-9869-CEEF7E1B4B41} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {39F97378-9FE6-4A41-98E6-3F062E2ECBA8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {75C8A749-9DEF-4560-AEF8-98128CCAB14B} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-02] (Acer Incorporate)
Task: {77DD6AEB-D26C-40A4-B542-7A00E7314B5E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {9CC47791-8352-4110-9CB4-AFD41AF52B39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {CE4E985C-2A0B-4D7F-8427-3143897146F1} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {D19DD284-DAD5-414E-A1F1-66715FB796D9} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2013-07-26] (Acer Incorporated)
Task: {E25B02DE-DC04-4ECE-8C4B-B99A1569C9E4} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-09-12] (Acer Incorporated)
Task: {F83E32D4-57F1-42BB-A367-9DF66E14C4DF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2011-05-19 14:30 - 2011-05-19 14:30 - 00125304 _____ () C:\Program Files (x86)\o2\Mobile Connection Manager\AgendaLib.dll
2010-12-01 17:29 - 2010-12-01 17:29 - 00508760 _____ () C:\Program Files (x86)\o2\Mobile Connection Manager\sqlite3.dll
2011-01-20 15:49 - 2011-01-20 15:49 - 00021880 _____ () C:\Program Files (x86)\o2\Mobile Connection Manager\langs\de_DE_md.dll
2011-06-01 12:22 - 2011-06-01 12:22 - 00201080 _____ () C:\Program Files (x86)\o2\Nori\legplgs\plgalc.dll
2011-06-01 12:22 - 2011-06-01 12:22 - 00190840 _____ () C:\Program Files (x86)\o2\Nori\legplgs\plgati.dll
2011-06-01 12:22 - 2011-06-01 12:22 - 00409976 _____ () C:\Program Files (x86)\o2\Nori\legplgs\plghwi.dll
2015-01-26 22:43 - 2015-01-26 22:43 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "PDFPrint"

========================= Accounts: ==========================

Administrator (S-1-5-21-1196241175-82218636-2219243927-500 - Administrator - Disabled)
Gast (S-1-5-21-1196241175-82218636-2219243927-501 - Limited - Disabled)
Sumatra (S-1-5-21-1196241175-82218636-2219243927-1001 - Administrator - Enabled) => C:\Users\Sumatra

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 10:23:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (02/02/2015 10:23:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (02/02/2015 10:23:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (02/02/2015 10:22:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (02/02/2015 10:21:45 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (02/01/2015 05:43:42 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/01/2015 05:43:42 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/01/2015 05:43:42 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/01/2015 05:42:25 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (02/01/2015 05:42:25 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (02/01/2015 05:10:51 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/01/2015 05:10:21 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 05:00:04 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 04:59:34 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/01/2015 02:17:32 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 02:17:02 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/01/2015 00:23:27 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/01/2015 00:22:56 PM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/01/2015 11:58:31 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1549B2F3-F34C-41B3-B6D1-0772592CC7A8} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (02/01/2015 11:25:32 AM) (Source: DCOM) (EventID: 10010) (User: Sumatra)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (02/02/2015 10:23:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Sumatra\AppData\Local\Pokki\Engine\HostAppService.exe

Error: (02/02/2015 10:23:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Sumatra\AppData\Local\Pokki\Engine\HostAppService.exe

Error: (02/02/2015 10:23:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Sumatra\AppData\Local\Temp\oct3262.tmp.exe

Error: (02/02/2015 10:22:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Sumatra~1\AppData\Local\Temp\oct3262.tmp.exe

Error: (02/02/2015 10:21:45 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (02/01/2015 05:43:42 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (02/01/2015 05:43:42 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (02/01/2015 05:43:42 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (02/01/2015 05:42:25 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (02/01/2015 05:42:25 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2920 @ 1.86GHz
Percentage of memory in use: 61%
Total physical RAM: 1931.2 MB
Available physical RAM: 738.75 MB
Total Pagefile: 2922.74 MB
Available Pagefile: 1110.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.42 GB) (Free:403.34 GB) NTFS
Drive d: (SHAMELESS_SEASON_1_DISC_2) (CDROM) (Total:7.11 GB) (Free:0 GB) UDF
Drive e: (o2) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 71ABC6A8)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-02 12:12:11
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000027 WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Sumatra~1\AppData\Local\Temp\pfldrpow.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                             fffff960000d8200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                        fffff960000d8210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3596] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                                 00007ffef88e1f6a 4 bytes [8E, F8, FE, 7F]
.text    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3596] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                                 00007ffef88e1f82 4 bytes [8E, F8, FE, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                                  00007fff0029169a 4 bytes [29, 00, FF, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                                  00007fff002916a2 4 bytes [29, 00, FF, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                     00007fff0029181a 4 bytes [29, 00, FF, 7F]
.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2644] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                     00007fff00291832 4 bytes [29, 00, FF, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3244] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                               00007fff0029169a 4 bytes [29, 00, FF, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3244] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                               00007fff002916a2 4 bytes [29, 00, FF, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3244] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                                  00007fff0029181a 4 bytes [29, 00, FF, 7F]
.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3244] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                                  00007fff00291832 4 bytes [29, 00, FF, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [4568:5196]                                                                                                                                                                                   fffff9600093bb90
Thread   C:\Windows\Explorer.EXE [252:3764]                                                                                                                                                                                          00007ffef9d0d73c
---- Processes - GMER 2.1 ----

Library  C:\Users\Sumatra\AppData\Local\Pokki\Engine\libPokki.dll (*** suspicious ***) @ C:\Users\Sumatra\AppData\Local\Pokki\Engine\HostAppService.exe [4712] (Chromium/The Chromium Authors)(2015-01-31 21:21:40)  000000006f990000
Library  C:\Users\Sumatra\AppData\Local\Pokki\Engine\icudt.dll (*** suspicious ***) @ C:\Users\Sumatra\AppData\Local\Pokki\Engine\HostAppService.exe [4712] (ICU Data DLL/The ICU Project)(2015-01-04 04:06:14)      000000006f000000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         

Alt 02.02.2015, 12:44   #2
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 02.02.2015, 13:30   #3
Apfeltee
 

Thanks for the quick reply.

Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 12:57:11
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-24.3 [Local]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Sumatra - Sumatra
# Gestartet von : C:\Users\Sumatra\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 de)

[hc620et0.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");

*************************

AdwCleaner[R0].txt - [2768 octets] - [02/02/2015 12:53:07]
AdwCleaner[S0].txt - [2274 octets] - [02/02/2015 12:57:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2334 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Sumatra on 02.02.2015 at 13:06:02,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3B3FDE64-AABD-11E4-827D-001E101F91FC}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sumatra\AppData\Roaming\mozilla\firefox\profiles\hc620et0.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2015 at 13:10:53,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sumatra (administrator) on Sumatra on 02-02-2015 13:13:12
Running from C:\Users\Sumatra\Desktop
Loaded Profiles: Sumatra (Available profiles: Sumatra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Nori\Nori.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Mobile Connection Manager] => C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe [4063096 2011-05-19] (Telefónica I+D)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b13-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b60-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b9c-ecc0-11e3-825c-001e101f8ffa} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {08f02c0d-eca5-11e3-825b-001e101f211e} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83744-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83776-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968819-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968861-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {464d2b6f-eb45-11e3-8259-001e101f7565} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {5c7a7c86-8d02-11e4-827a-f8a963013b3f} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {a195ae4a-ed5c-11e3-825d-001e101fcff6} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {e4732511-08f6-11e4-8262-001e101f8028} - "G:\LGAutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b28-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b61-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {B59DE900-277F-4C28-A61F-A21746BFDF7B} URL = 
Tcpip\..\Interfaces\{1549B2F3-F34C-41B3-B6D1-0772592CC7A8}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Extension: WOT - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-03]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-22]
FF Extension: Ghostery - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\firefox@ghostery.com.xpi [2014-06-03]
FF Extension: Flagfox - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-03]
FF Extension: NoScript - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-03]
FF Extension: Adblock Plus - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-26] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 0172021397289991mcinstcleanup; C:\Windows\TEMP\017202~1.EXE -cleanup -nolog [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 13:10 - 2015-02-02 13:10 - 00000912 _____ () C:\Users\Sumatra\Desktop\JRT.txt
2015-02-02 13:06 - 2015-02-02 13:06 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 13:03 - 2015-02-02 13:04 - 01707939 _____ (Thisisu) C:\Users\Sumatra\Desktop\JRT.exe
2015-02-02 13:00 - 2015-02-02 13:00 - 00002430 _____ () C:\Users\Sumatra\Desktop\AdwCleaner[S0].txt
2015-02-02 12:53 - 2015-02-02 12:59 - 00000000 ____D () C:\AdwCleaner
2015-02-02 12:51 - 2015-02-02 12:51 - 02194432 _____ () C:\Users\Sumatra\Desktop\AdwCleaner_4.109.exe
2015-02-02 12:12 - 2015-02-02 12:12 - 00005030 _____ () C:\Users\Sumatra\Desktop\gmer.log
2015-02-02 11:34 - 2015-02-02 11:37 - 00026647 _____ () C:\Users\Sumatra\Desktop\Addition.txt
2015-02-02 11:32 - 2015-02-02 13:13 - 00012260 _____ () C:\Users\Sumatra\Desktop\FRST.txt
2015-02-02 11:32 - 2015-02-02 13:13 - 00000000 ____D () C:\FRST
2015-02-02 11:06 - 2015-02-02 11:06 - 00380416 _____ () C:\Users\Sumatra\Desktop\Gmer-19357.exe
2015-02-02 11:04 - 2015-02-02 11:04 - 02131456 _____ (Farbar) C:\Users\Sumatra\Desktop\FRST64.exe
2015-02-02 11:00 - 2015-02-02 11:00 - 00001212 _____ () C:\Users\Sumatra\Desktop\mbam.txt
2015-01-26 22:43 - 2015-01-26 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 20:55 - 2015-01-24 20:55 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-18 11:24 - 2015-01-18 11:24 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-14 19:54 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:54 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:54 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 19:54 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 19:54 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:54 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 19:54 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 19:54 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 19:54 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 19:54 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 09:37 - 2015-01-13 09:42 - 112542032 _____ () C:\Users\Sumatra\Downloads\Filmmusikaufgabe(1).mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2014-04-12 08:03 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2014-04-12 08:03 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-02-02 13:13 - 2014-04-12 09:12 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1196241175-82218636-2219243927-1001
2015-02-02 13:02 - 2014-04-12 17:21 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 13:02 - 2014-04-12 17:21 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 13:02 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-02 12:58 - 2013-11-27 10:49 - 00064340 _____ () C:\Windows\PFRO.log
2015-02-02 12:58 - 2013-08-22 15:46 - 00034929 _____ () C:\Windows\setupact.log
2015-02-02 12:58 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 12:55 - 2014-12-30 19:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 12:34 - 2014-04-12 07:38 - 01247557 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 10:28 - 2014-06-11 17:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 10:25 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Pokki
2015-02-02 10:23 - 2014-06-03 09:20 - 00002304 _____ () C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-01 23:12 - 2014-06-04 18:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Bilder
2015-01-30 15:09 - 2014-06-03 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 11:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 20:00 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 21:26 - 2014-06-14 16:51 - 00000000 ____D () C:\Users\Sumatra\Desktop\Schule
2015-01-24 21:20 - 2014-08-16 11:37 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-08-16 11:37 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 20:56 - 2014-12-30 19:03 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-21 19:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-20 19:01 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Genymobile
2015-01-20 18:59 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\.VirtualBox
2015-01-16 13:01 - 2014-12-15 13:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Elefanten
2015-01-14 20:23 - 2014-06-03 14:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:17 - 2014-06-03 14:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 19:59 - 2014-06-11 17:08 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 11:28 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra

==================== Files in the root of some directories =======

2014-04-12 08:04 - 2014-04-12 08:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Sumatra\AppData\Local\Temp\binkw32.dll
C:\Users\Sumatra\AppData\Local\Temp\C78F.exe
C:\Users\Sumatra\AppData\Local\Temp\COMAP.EXE
C:\Users\Sumatra\AppData\Local\Temp\d2l_Install.exe
C:\Users\Sumatra\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Sumatra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpihiotu.dll
C:\Users\Sumatra\AppData\Local\Temp\install_flashplayer16x32_mssa_aaa_aih.exe
C:\Users\Sumatra\AppData\Local\Temp\InstStub.exe
C:\Users\Sumatra\AppData\Local\Temp\oct11D1.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct2911.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct3262.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct32B9.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct4E88.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct8BBE.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct9545.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octC97F.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octED12.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octF6D6.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\Quarantine.exe
C:\Users\Sumatra\AppData\Local\Temp\ResetDevice.exe
C:\Users\Sumatra\AppData\Local\Temp\sqlite3.dll
C:\Users\Sumatra\AppData\Local\Temp\_isF631.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-01 14:17

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 02.02.2015, 17:48   #4
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
Regards,
schrauber


Alt 02.02.2015, 19:16   #5
Apfeltee
 



I can't download the Eset database; I get an "unexpected error 2002" or I am asked whether I have a proxy?


Alt 03.02.2015, 07:53   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Skip ESET and do the following instead:

Please download Emsisoft Emergency Kit from here: Emsisoft Emergency Kit Download.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures are loaded, EEK is ready to scan.
  • Now follow the illustrated guide to Emergency Kit, remove all findings and post the log at the end of the scan or clean-up.


Alt 03.02.2015, 12:46   #7
Apfeltee
 



That worked. But the log only contained
Code:
ATTFilter
ÿþE#m#s#i#s#o#f#t# #E#m#e#r#g#e#n#c#y# #K#i#t# #-# #V#e#r#s#i#o#n# #9#.#0#
         
I imagine that doesn't help you much, so I also took screenshots of the quarantine.

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.296  
 Mozilla Firefox (35.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sumatra (administrator) on Sumatra on 03-02-2015 12:28:40
Running from C:\Users\Sumatra\Desktop
Loaded Profiles: Sumatra (Available profiles: Sumatra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Nori\Nori.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Mobile Connection Manager] => C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe [4063096 2011-05-19] (Telefónica I+D)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b13-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b60-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b9c-ecc0-11e3-825c-001e101f8ffa} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {08f02c0d-eca5-11e3-825b-001e101f211e} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83744-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83776-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968819-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968861-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {464d2b6f-eb45-11e3-8259-001e101f7565} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {5c7a7c86-8d02-11e4-827a-f8a963013b3f} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {a195ae4a-ed5c-11e3-825d-001e101fcff6} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {e4732511-08f6-11e4-8262-001e101f8028} - "G:\LGAutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b28-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b61-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {B59DE900-277F-4C28-A61F-A21746BFDF7B} URL = 
Tcpip\..\Interfaces\{1549B2F3-F34C-41B3-B6D1-0772592CC7A8}: [NameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Extension: WOT - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-03]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-22]
FF Extension: Ghostery - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\firefox@ghostery.com.xpi [2014-06-03]
FF Extension: Flagfox - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-03]
FF Extension: NoScript - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-03]
FF Extension: Adblock Plus - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-26] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 0172021397289991mcinstcleanup; C:\Windows\TEMP\017202~1.EXE -cleanup -nolog [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-03] (Emsisoft GmbH)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 12:28 - 2015-02-03 12:28 - 00000757 _____ () C:\Users\Sumatra\Desktop\checkup.txt
2015-02-03 12:25 - 2015-02-03 12:25 - 00852573 _____ () C:\Users\Sumatra\Desktop\SecurityCheck.exe
2015-02-03 12:20 - 2015-02-03 12:20 - 00000076 _____ () C:\Users\Sumatra\Desktop\a2scan_150203-103308.txt
2015-02-03 10:28 - 2015-02-03 10:28 - 00000759 _____ () C:\Users\Sumatra\Desktop\Start Emsisoft Emergency Kit.lnk
2015-02-03 10:27 - 2015-02-03 10:28 - 00000000 ____D () C:\EEK
2015-02-03 10:16 - 2015-02-03 10:24 - 170403152 _____ () C:\Users\Sumatra\Desktop\EmsisoftEmergencyKit.exe
2015-02-02 18:01 - 2015-02-02 18:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-02 18:00 - 2015-02-02 18:00 - 02347384 _____ (ESET) C:\Users\Sumatra\Desktop\esetsmartinstaller_deu.exe
2015-02-02 13:10 - 2015-02-02 13:10 - 00000912 _____ () C:\Users\Sumatra\Desktop\JRT.txt
2015-02-02 13:06 - 2015-02-02 13:06 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 13:03 - 2015-02-02 13:04 - 01707939 _____ (Thisisu) C:\Users\Sumatra\Desktop\JRT.exe
2015-02-02 13:00 - 2015-02-02 13:00 - 00002430 _____ () C:\Users\Sumatra\Desktop\AdwCleaner[S0].txt
2015-02-02 12:53 - 2015-02-02 13:00 - 00000000 ____D () C:\AdwCleaner
2015-02-02 12:51 - 2015-02-02 12:51 - 02194432 _____ () C:\Users\Sumatra\Desktop\AdwCleaner_4.109.exe
2015-02-02 12:12 - 2015-02-02 12:12 - 00005030 _____ () C:\Users\Sumatra\Desktop\gmer.log
2015-02-02 11:34 - 2015-02-02 11:37 - 00026647 _____ () C:\Users\Sumatra\Desktop\Addition.txt
2015-02-02 11:32 - 2015-02-03 12:28 - 00012451 _____ () C:\Users\Sumatra\Desktop\FRST.txt
2015-02-02 11:32 - 2015-02-03 12:28 - 00000000 ____D () C:\FRST
2015-02-02 11:06 - 2015-02-02 11:06 - 00380416 _____ () C:\Users\Sumatra\Desktop\Gmer-19357.exe
2015-02-02 11:04 - 2015-02-02 11:04 - 02131456 _____ (Farbar) C:\Users\Sumatra\Desktop\FRST64.exe
2015-02-02 11:00 - 2015-02-02 11:00 - 00001212 _____ () C:\Users\Sumatra\Desktop\mbam.txt
2015-01-26 22:43 - 2015-01-26 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 20:55 - 2015-01-24 20:55 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-18 11:24 - 2015-01-18 11:24 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-14 19:54 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:54 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:54 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 19:54 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 19:54 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:54 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 19:54 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 19:54 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 19:54 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 19:54 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 09:37 - 2015-01-13 09:42 - 112542032 _____ () C:\Users\Sumatra\Downloads\Filmmusikaufgabe(1).mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2014-04-12 08:03 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2014-04-12 08:03 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-02-03 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 11:55 - 2014-12-30 19:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 10:21 - 2014-04-12 07:38 - 01446482 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 18:38 - 2014-04-12 09:12 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1196241175-82218636-2219243927-1001
2015-02-02 15:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-02 13:02 - 2014-04-12 17:21 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 13:02 - 2014-04-12 17:21 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 13:02 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 12:58 - 2013-11-27 10:49 - 00064340 _____ () C:\Windows\PFRO.log
2015-02-02 12:58 - 2013-08-22 15:46 - 00034929 _____ () C:\Windows\setupact.log
2015-02-02 12:58 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 10:28 - 2014-06-11 17:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 10:25 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Pokki
2015-02-02 10:23 - 2014-06-03 09:20 - 00002304 _____ () C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-01 23:12 - 2014-06-04 18:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Bilder
2015-01-30 15:09 - 2014-06-03 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 11:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 20:00 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 21:26 - 2014-06-14 16:51 - 00000000 ____D () C:\Users\Sumatra\Desktop\Schule
2015-01-24 21:20 - 2014-08-16 11:37 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-08-16 11:37 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 20:56 - 2014-12-30 19:03 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-20 19:01 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Genymobile
2015-01-20 18:59 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\.VirtualBox
2015-01-16 13:01 - 2014-12-15 13:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Elefanten
2015-01-14 20:23 - 2014-06-03 14:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:17 - 2014-06-03 14:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 19:59 - 2014-06-11 17:08 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 11:28 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra

==================== Files in the root of some directories =======

2014-04-12 08:04 - 2014-04-12 08:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Sumatra\AppData\Local\Temp\binkw32.dll
C:\Users\Sumatra\AppData\Local\Temp\C78F.exe
C:\Users\Sumatra\AppData\Local\Temp\COMAP.EXE
C:\Users\Sumatra\AppData\Local\Temp\d2l_Install.exe
C:\Users\Sumatra\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Sumatra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpihiotu.dll
C:\Users\Sumatra\AppData\Local\Temp\install_flashplayer16x32_mssa_aaa_aih.exe
C:\Users\Sumatra\AppData\Local\Temp\InstStub.exe
C:\Users\Sumatra\AppData\Local\Temp\oct11D1.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct2911.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct3262.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct32B9.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct4E88.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct8BBE.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\oct9545.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octC97F.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octED12.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\octF6D6.tmp.exe
C:\Users\Sumatra\AppData\Local\Temp\Quarantine.exe
C:\Users\Sumatra\AppData\Local\Temp\ResetDevice.exe
C:\Users\Sumatra\AppData\Local\Temp\sqlite3.dll
C:\Users\Sumatra\AppData\Local\Temp\_isF631.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-01 14:17

==================== End Of Log ============================
         

So, subjectively nothing has changed. No improvement, but no deterioration either. The start page is still homepage-web.c om/?s=acer&m=tab
Attached images
File type: jpg e1.jpg (59.0 KB, viewed 187 times)
File type: jpg e2.jpg (55.4 KB, viewed 169 times)

Alt 03.02.2015, 13:36   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
ATTFilter
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {B59DE900-277F-4C28-A61F-A21746BFDF7B} URL = 
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
2014-04-12 08:04 - 2014-04-12 08:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen button.
  • The tool creates a Fixlog.txt.
  • Post me its contents.



Fresh FRST log, please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

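To make the fix procedure above concrete, here is an added Python example, not FRST code and not the helper's own procedure, that reads the "Internet" section of an FRST log, flags the start-page, new-tab and search-scope entries worth acting on, renders them as a fixlist in the shape used above (FRST's fixlist is simply the log lines to act on plus directives such as Emptytemp:), and counts the per-item result lines in the Fixlog that FRST writes afterwards. The trusted-host list is a constructed assumption for this example, the sample lines are copied from the logs posted in this thread, and the scoring rules (cross-browser host correlation, empty search scopes) are this example's own, not FRST's.

```python
"""Triage the "Internet" section of an FRST log for browser-hijack indicators.

Added example for this thread; not FRST code and not the helper's procedure.
TRUSTED_HOSTS is a constructed assumption, the samples are copied from the
thread's logs, and the scoring rules are this example's own choice.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Hosts accepted as legitimate start pages (assumption: the Acer OEM MSN page
# is expected on this machine, anything else gets reported).
TRUSTED_HOSTS = {"acer13.msn.com", "www.msn.com"}

# FRST prints fixable entries in a fixed shape; these cover the IE start page
# values, the Firefox new-tab/homepage lines and the IE search scopes.
IE_RE = re.compile(r"^HKU\\[^\\]+\\Software\\Microsoft\\Internet Explorer\\Main,"
                   r"(?:Start Page|Default_Page_URL) = (?P<url>\S+)$")
FF_RE = re.compile(r"^FF (?:NewTab|Homepage): (?P<url>\S+)$")
SCOPE_RE = re.compile(r"^SearchScopes: HKU\\\S+ -> (?:DefaultScope )?"
                      r"\{[0-9A-Fa-f-]{36}\} URL = ?(?P<url>\S*)$")


def host_of(url):
    """Host of a URL; FRST defangs schemes as hxxp, so undo that first."""
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def analyze(log_lines, trusted_hosts=TRUSTED_HOSTS):
    """Return (kind, host, line) findings; kind is startpage, scope or scope_empty."""
    findings = []
    for raw in log_lines:
        line = raw.rstrip()
        m = IE_RE.match(line) or FF_RE.match(line)
        if m:
            host = host_of(m.group("url"))
            if host not in trusted_hosts:
                findings.append(("startpage", host, line))
            continue
        m = SCOPE_RE.match(line)
        if m:
            host = host_of(m.group("url"))
            if not host:  # orphaned scope left behind by an earlier removal
                findings.append(("scope_empty", "", line))
            elif host not in trusted_hosts:
                findings.append(("scope", host, line))
    return findings


def hijack_hosts(findings, min_slots=2):
    """Hosts occupying several browser slots at once (IE start page plus Firefox
    new tab and homepage here) are the strongest hijack signal in this section."""
    counts = Counter(host for kind, host, _ in findings if kind == "startpage")
    return {host for host, n in counts.items() if n >= min_slots}


def build_fixlist(findings, empty_temp=True):
    """Fixlist = the flagged log lines verbatim, then directives such as Emptytemp:."""
    lines = [line for _, _, line in findings]
    if empty_temp:
        lines.append("Emptytemp:")
    return "\n".join(lines) + "\n"


def fixlog_summary(fixlog_lines):
    """Count per-item results in a Fixlog so a missed item does not go unnoticed."""
    counts = {"ok": 0, "not_found": 0, "other": 0}
    for line in fixlog_lines:
        line = line.strip()
        if "successfully" in line:
            counts["ok"] += 1
        elif "not found" in line.lower():
            counts["not_found"] += 1
        elif "=>" in line:
            counts["other"] += 1
    return counts


# Sample input copied from the FRST log and Fixlog posted in this thread.
SAMPLE_FRST = [
    r"HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start",
    r"HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ",
    r"SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ",
    r"SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ",
    r"SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {B59DE900-277F-4C28-A61F-A21746BFDF7B} URL = ",
    r"FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab",
    r"FF Homepage: hxxp://homepage-web.com/?s=acer&m=start",
]
SAMPLE_FIXLOG = [
    r"HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.",
    r"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.",
    r"HKCR\CLSID\{B59DE900-277F-4C28-A61F-A21746BFDF7B} => Key not found.",
    "Firefox newtab deleted successfully.",
    r"C:\ProgramData\DP45977C.lfl => Moved successfully.",
    "EmptyTemp: => Removed 2.2 GB temporary data.",
]

if __name__ == "__main__":
    found = analyze(SAMPLE_FRST)
    print("hijack hosts:", hijack_hosts(found))
    print(build_fixlist(found))
    print(fixlog_summary(SAMPLE_FIXLOG))
```

The example leaves the OEM Default_Page_URL alone because its host is on the trusted list, whereas the fixlist above also restored that value; adding acer13.msn.com to the flagged set is a one-line change. The cross-browser check is the part worth keeping: one host set as IE start page and as Firefox new tab and homepage at the same time is exactly how this hijack shows up in the log, while search scopes with an empty URL are orphaned entries that the fix deletes rather than active redirections.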
Alt 03.02.2015, 13:57   #9
Apfeltee
 
Great, my browser belongs to me again. Can this also be used to delete all the McAfee stuff and other superfluous things? I have no idea why that is even on there. Maybe it was installed at the very beginning and I uninstalled it or something.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Sumatra at 2015-02-03 13:39:00 Run:1
Running from C:\Users\Sumatra\Desktop
Loaded Profiles: Sumatra (Available profiles: Sumatra)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1196241175-82218636-2219243927-1001 -> {B59DE900-277F-4C28-A61F-A21746BFDF7B} URL = 
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: hxxp://homepage-web.com/?s=acer&m=start
2014-04-12 08:04 - 2014-04-12 08:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Emptytemp:
*****************

HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1196241175-82218636-2219243927-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B59DE900-277F-4C28-A61F-A21746BFDF7B}" => Key deleted successfully.
HKCR\CLSID\{B59DE900-277F-4C28-A61F-A21746BFDF7B} => Key not found. 
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 13:42:06 ====
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Sumatra (administrator) on Sumatra on 03-02-2015 13:47:04
Running from C:\Users\Sumatra\Desktop
Loaded Profiles: Sumatra (Available profiles: Sumatra)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Nori\Nori.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-06-04] (Geek Software GmbH)
HKLM-x32\...\Run: [Mobile Connection Manager] => C:\Program Files (x86)\o2\Mobile Connection Manager\emmsn.exe [4063096 2011-05-19] (Telefónica I+D)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b13-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b60-ecc0-11e3-825c-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {018a4b9c-ecc0-11e3-825c-001e101f8ffa} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {08f02c0d-eca5-11e3-825b-001e101f211e} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83744-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {0af83776-c218-11e3-8257-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968819-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {25968861-2312-11e4-8267-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {464d2b6f-eb45-11e3-8259-001e101f7565} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {5c7a7c86-8d02-11e4-827a-f8a963013b3f} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {a195ae4a-ed5c-11e3-825d-001e101fcff6} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {e4732511-08f6-11e4-8262-001e101f8028} - "G:\LGAutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b28-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\MountPoints2: {f3d90b61-2452-11e4-8268-142d27a4652d} - "E:\AutoRun.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1549B2F3-F34C-41B3-B6D1-0772592CC7A8}: [NameServer] 193.189.244.206 193.189.244.225

FireFox:
========
FF ProfilePath: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Extension: WOT - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-03]
FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-22]
FF Extension: Ghostery - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\firefox@ghostery.com.xpi [2014-06-03]
FF Extension: Flagfox - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-03]
FF Extension: NoScript - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-03]
FF Extension: Adblock Plus - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\hc620et0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-03]
FF HKU\S-1-5-21-1196241175-82218636-2219243927-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2650696 2013-07-26] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-02] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-02] (Acer Incorporate)
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 0172021397289991mcinstcleanup; C:\Windows\TEMP\017202~1.EXE -cleanup -nolog [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-03] (Emsisoft GmbH)
R3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 13:46 - 2015-02-03 13:46 - 00000114 ____H () C:\Users\Sumatra\Desktop\.~lock.Fixlog.txt#
2015-02-03 12:28 - 2015-02-03 12:28 - 00000757 _____ () C:\Users\Sumatra\Desktop\checkup.txt
2015-02-03 12:25 - 2015-02-03 12:25 - 00852573 _____ () C:\Users\Sumatra\Desktop\SecurityCheck.exe
2015-02-03 12:20 - 2015-02-03 12:20 - 00000076 _____ () C:\Users\Sumatra\Desktop\a2scan_150203-103308.txt
2015-02-03 10:28 - 2015-02-03 10:28 - 00000759 _____ () C:\Users\Sumatra\Desktop\Start Emsisoft Emergency Kit.lnk
2015-02-03 10:27 - 2015-02-03 10:28 - 00000000 ____D () C:\EEK
2015-02-03 10:16 - 2015-02-03 10:24 - 170403152 _____ () C:\Users\Sumatra\Desktop\EmsisoftEmergencyKit.exe
2015-02-02 18:01 - 2015-02-02 18:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-02 18:00 - 2015-02-02 18:00 - 02347384 _____ (ESET) C:\Users\Sumatra\Desktop\esetsmartinstaller_deu.exe
2015-02-02 13:10 - 2015-02-02 13:10 - 00000912 _____ () C:\Users\Sumatra\Desktop\JRT.txt
2015-02-02 13:06 - 2015-02-02 13:06 - 00000000 ____D () C:\Windows\ERUNT
2015-02-02 13:03 - 2015-02-02 13:04 - 01707939 _____ (Thisisu) C:\Users\Sumatra\Desktop\JRT.exe
2015-02-02 13:00 - 2015-02-02 13:00 - 00002430 _____ () C:\Users\Sumatra\Desktop\AdwCleaner[S0].txt
2015-02-02 12:53 - 2015-02-02 13:00 - 00000000 ____D () C:\AdwCleaner
2015-02-02 12:51 - 2015-02-02 12:51 - 02194432 _____ () C:\Users\Sumatra\Desktop\AdwCleaner_4.109.exe
2015-02-02 12:12 - 2015-02-02 12:12 - 00005030 _____ () C:\Users\Sumatra\Desktop\gmer.log
2015-02-02 11:34 - 2015-02-02 11:37 - 00026647 _____ () C:\Users\Sumatra\Desktop\Addition.txt
2015-02-02 11:32 - 2015-02-03 13:47 - 00011870 _____ () C:\Users\Sumatra\Desktop\FRST.txt
2015-02-02 11:32 - 2015-02-03 13:47 - 00000000 ____D () C:\FRST
2015-02-02 11:06 - 2015-02-02 11:06 - 00380416 _____ () C:\Users\Sumatra\Desktop\Gmer-19357.exe
2015-02-02 11:04 - 2015-02-02 11:04 - 02131456 _____ (Farbar) C:\Users\Sumatra\Desktop\FRST64.exe
2015-02-02 11:00 - 2015-02-02 11:00 - 00001212 _____ () C:\Users\Sumatra\Desktop\mbam.txt
2015-01-26 22:43 - 2015-01-26 22:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-24 20:55 - 2015-01-24 20:55 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-18 11:24 - 2015-01-18 11:24 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-14 19:54 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 19:54 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 19:54 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 19:54 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 19:54 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 19:54 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 19:54 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 19:54 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 19:54 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 19:54 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 19:54 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 19:54 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 19:54 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 19:54 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 19:54 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 19:54 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 19:54 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 09:37 - 2015-01-13 09:42 - 112542032 _____ () C:\Users\Sumatra\Downloads\Filmmusikaufgabe(1).mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2014-04-12 08:03 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2014-04-12 08:03 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-02-03 13:43 - 2013-11-27 10:49 - 00065238 _____ () C:\Windows\PFRO.log
2015-02-03 13:43 - 2013-08-22 15:46 - 00035045 _____ () C:\Windows\setupact.log
2015-02-03 13:43 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 11:55 - 2014-12-30 19:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 10:21 - 2014-04-12 07:38 - 01446482 _____ () C:\Windows\WindowsUpdate.log
2015-02-02 18:38 - 2014-04-12 09:12 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1196241175-82218636-2219243927-1001
2015-02-02 15:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-02 13:02 - 2014-04-12 17:21 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 13:02 - 2014-04-12 17:21 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 13:02 - 2013-11-27 10:55 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 10:28 - 2014-06-11 17:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 10:25 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Pokki
2015-02-02 10:23 - 2014-06-03 09:20 - 00002304 _____ () C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-01 23:12 - 2014-06-04 18:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Bilder
2015-01-30 15:09 - 2014-06-03 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 11:39 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 20:00 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-27 21:26 - 2014-06-14 16:51 - 00000000 ____D () C:\Users\Sumatra\Desktop\Schule
2015-01-24 21:20 - 2014-08-16 11:37 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-08-16 11:37 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 20:56 - 2014-12-30 19:03 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-20 19:01 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\AppData\Local\Genymobile
2015-01-20 18:59 - 2014-11-17 20:01 - 00000000 ____D () C:\Users\Sumatra\.VirtualBox
2015-01-16 13:01 - 2014-12-15 13:42 - 00000000 ____D () C:\Users\Sumatra\Desktop\Elefanten
2015-01-14 20:23 - 2014-06-03 14:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:17 - 2014-06-03 14:24 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 19:59 - 2014-06-11 17:08 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 19:59 - 2014-06-11 17:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 11:28 - 2014-04-12 09:05 - 00000000 ____D () C:\Users\Sumatra

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-01 14:17

==================== End Of Log ============================
         
I've just noticed something else strange: I go online with an O2 surf stick and have to buy and top up a certain data volume every month. In January I wasn't throttled at all, even though I exceeded the data volume. And actually I should have had to pay again on 1.2., because the surf month was over on that day, but I wasn't cut off then either. Did the PUP maybe even mean well for me?

Last edited by Apfeltee (03.02.2015 at 14:42)

Old 03.02.2015, 19:16   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Nah, I'm thinking more of a free month or an error on the provider's side. PUPs don't do that sort of thing.

What do you mean regarding McAfee? Have YOU already used McAfee's own cleanup tool?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Old 03.02.2015, 19:33   #11
Apfeltee
 

A free month would be awesome, of course

I mean something like this:

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
...

When I first got the laptop, it was pure chaos. No idea how many AV programs were on it back then, along with other software I never needed. I think I simply uninstalled them. Should I just download it and run it? The PC gets faster from that, right?

Can the Web Search actually come from Acer, too? o.O Seeing as it hijacks me to an Acer tab page... I don't recall having downloaded anything. I only created an account at Photobucket and UPloaded something there.

Old 04.02.2015, 17:58   #12
schrauber
/// the machine
/// TB-Ausbilder
 


Run this:

McAfee Consumer Product Removal Tool - Download - Filepony
__________________
regards,
schrauber

