
Pests of all kinds and how to combat them: Windows 8 and Firefox... Individual words double-underlined / ad pop-ups / ad links

07.04.2015, 14:01   #1
jorgo04
 



Hello to the forum....

I just registered here because I have the problem mentioned above.
For the past few days, many words have been double-underlined for me, and they turn into ad links.

And what is really annoying are the ad pop-ups that open everywhere.

Can you help me with this??

Thanks and regards
jorgo

07.04.2015, 15:00   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


08.04.2015, 10:17   #3
jorgo04
 



Hello schrauber.....

Thanks for your help.
Here are the two logs:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by jorgos (administrator) on JORGO on 07-04-2015 14:21:05
Running from C:\Users\jorgos\Desktop
Loaded Profiles: jorgos & UpdatusUser (Available profiles: jorgos & UpdatusUser)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Simply Super Software) C:\Program Files\Trojan Remover\Rmvtrjan.exe
(Simply Super Software) C:\Program Files\Trojan Remover\Rmvtrjan.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IATSKY] => C:\Program Files\i@Sky WIC\iatsky.exe [335872 2011-07-26] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1797496 2015-03-28] (Simply Super Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [EPSON SX218 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\MountPoints2: {f167bd85-c812-11e4-973e-0018f3d9a0c3} - "F:\DTVP_Launcher.exe" 
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-2876399589-1292273160-1852779638-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default
FF SelectedSearchEngine: webssearches
FF Homepage: ebay.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\veggy@veggyAddon.com [2015-04-05]
FF Extension: Zoom It - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{bac55ac8-2902-89e3-8c76-04f4c3eb8b76} [2015-04-06]
FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28]
FF Extension: Adblock Plus - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28]
FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2015-04-06] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation)
S3 WN111v2; C:\Windows\system32\DRIVERS\WN111v2v.sys [449536 2008-09-29] (Atheros Communications, Inc.)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [57344 2014-04-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 14:21 - 2015-04-07 14:21 - 00012806 _____ () C:\Users\jorgos\Desktop\FRST.txt
2015-04-07 14:20 - 2015-04-07 14:21 - 00000000 ____D () C:\FRST
2015-04-07 14:18 - 2015-04-07 14:20 - 01135104 _____ (Farbar) C:\Users\jorgos\Desktop\FRST.exe
2015-04-07 10:34 - 2015-04-07 10:35 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-07 10:34 - 2015-04-07 10:34 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-07 10:33 - 2015-04-07 10:33 - 00001120 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\Documents\Simply Super Software
2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Simply Super Software
2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-04-07 10:32 - 2015-04-07 10:33 - 00000000 ____D () C:\Program Files\Trojan Remover
2015-04-07 10:32 - 2015-04-07 10:32 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-04-07 10:31 - 2015-04-07 10:31 - 01203488 _____ () C:\Users\jorgos\Desktop\Trojan Remover - CHIP-Installer.exe
2015-04-06 19:42 - 2015-04-06 19:42 - 00000000 ____D () C:\Users\jorgos\Documents\ProcAlyzer Dumps
2015-04-06 18:49 - 2013-08-22 08:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150406-184941.backup
2015-04-06 18:30 - 2015-04-06 19:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-06 18:30 - 2015-04-06 18:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-06 18:30 - 2015-04-06 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-06 18:30 - 2015-04-06 18:30 - 00002154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-06 18:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-04-06 17:49 - 2015-04-06 17:49 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\eCyber
2015-04-06 17:30 - 2015-04-06 17:30 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-06 16:00 - 2015-04-06 16:00 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\LavasoftStatistics
2015-04-06 15:32 - 2015-04-06 15:32 - 00000340 _____ () C:\Windows\PFRO.log
2015-04-06 14:23 - 2015-04-07 13:06 - 00351845 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 14:22 - 2015-04-06 18:08 - 00000696 _____ () C:\Windows\setupact.log
2015-04-06 14:22 - 2015-04-06 14:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-06 14:16 - 2015-04-06 14:30 - 00000000 ____D () C:\AdwCleaner
2015-04-03 19:47 - 2015-04-03 19:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-03 19:26 - 2015-04-03 19:32 - 00000000 ____D () C:\Users\jorgos\AppData\Local\Sidebar7
2015-04-03 19:11 - 2015-04-03 19:11 - 00000000 ____D () C:\Windows\system32\log
2015-04-02 20:55 - 2015-04-03 14:55 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-01 16:44 - 2015-04-01 16:45 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-01 16:43 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-31 19:15 - 2015-03-31 19:15 - 00000000 ____D () C:\Users\jorgos\Desktop\unibox
2015-03-31 19:12 - 2015-03-31 19:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-19 21:07 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-19 21:07 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-19 21:07 - 2015-01-31 01:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-19 21:07 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-19 21:07 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-19 21:06 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-19 21:06 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-19 21:06 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-19 21:06 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-19 21:06 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-19 21:06 - 2015-01-30 04:25 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-19 21:06 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-19 21:06 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-19 21:06 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-19 21:06 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-19 21:06 - 2015-01-29 02:56 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-19 21:06 - 2015-01-29 02:55 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-19 21:06 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-19 21:06 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-19 21:06 - 2014-12-11 07:40 - 00041296 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-19 21:05 - 2015-02-26 01:27 - 03543552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-19 21:05 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-19 21:05 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-19 21:05 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-19 21:05 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-19 21:05 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-19 21:05 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-19 21:05 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-19 21:05 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-19 21:05 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-19 21:05 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-19 21:05 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-19 21:05 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-19 21:05 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-19 21:05 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-19 21:05 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-19 21:05 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-19 21:05 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-19 21:05 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-19 21:05 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-19 21:05 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-19 21:05 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-19 21:05 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-19 21:05 - 2015-01-24 04:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-19 21:05 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-19 21:05 - 2015-01-24 02:48 - 02975744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-19 21:04 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-19 21:04 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-19 21:04 - 2015-02-05 22:17 - 00869696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-19 21:04 - 2015-02-04 01:51 - 00227136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-19 21:04 - 2015-02-04 01:51 - 00084800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-19 21:04 - 2015-02-04 01:51 - 00038392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-19 21:04 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-19 21:04 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-19 21:04 - 2015-01-28 17:35 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-19 21:04 - 2015-01-28 17:35 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-19 21:04 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-19 21:04 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-18 16:06 - 2015-03-18 16:06 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-03-11 19:36 - 2015-03-11 19:36 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\elsterformular
2015-03-11 19:35 - 2015-03-11 19:36 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-11 19:35 - 2015-03-11 19:35 - 00001449 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-11 19:35 - 2015-03-11 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-11 19:34 - 2015-03-11 19:34 - 00000000 ____D () C:\Program Files\ElsterFormular

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 13:02 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2015-04-07 11:45 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-06 19:05 - 2015-02-03 19:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 18:08 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 17:29 - 2013-08-22 10:17 - 00000000 ___SD () C:\Program Files\Windows Sidebar
2015-04-06 15:13 - 2014-12-27 19:46 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 14:21 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-06 14:20 - 2014-12-27 21:29 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-06 14:20 - 2014-12-27 19:42 - 00001173 _____ () C:\Users\jorgos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-06 13:12 - 2015-02-03 19:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 12:27 - 2015-01-10 19:39 - 00000600 _____ () C:\Users\jorgos\AppData\Roaming\winscp.rnd
2015-04-05 17:00 - 2014-12-30 18:36 - 00191488 ___SH () C:\Users\jorgos\Desktop\Thumbs.db
2015-04-03 19:48 - 2014-12-28 14:03 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-03 19:48 - 2014-12-28 14:03 - 00000000 ____D () C:\Program Files\Java
2015-04-03 19:47 - 2014-12-28 14:04 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-03 19:27 - 2015-01-29 20:53 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\dlg
2015-04-03 18:57 - 2014-12-27 21:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-01 16:45 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-01 16:27 - 2014-12-28 20:00 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\AbiSuite
2015-04-01 16:05 - 2014-12-27 19:42 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Adobe
2015-03-20 20:21 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\rescache
2015-03-19 21:37 - 2013-08-22 09:22 - 00335400 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-19 21:13 - 2014-12-27 20:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-19 21:09 - 2014-12-27 20:34 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-19 21:08 - 2013-08-22 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 19:35 - 2014-12-28 16:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-10 19:24 - 2014-12-28 16:07 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-10 19:24 - 2014-12-28 16:03 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 19:24 - 2014-12-28 16:03 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

==================== Files in the root of some directories =======

2015-01-10 19:39 - 2015-04-06 12:27 - 0000600 _____ () C:\Users\jorgos\AppData\Roaming\winscp.rnd

Some content of TEMP:
====================
C:\Users\jorgos\AppData\Local\Temp\avgnt.exe
C:\Users\jorgos\AppData\Local\Temp\Quarantine.exe
C:\Users\jorgos\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-31 17:24

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by jorgos at 2015-04-07 14:21:55
Running from C:\Users\jorgos\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.9.4 (HKLM\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AIDA64 Extreme v5.00 (HKLM\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Druckerdeinstallation für EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version:  - SEIKO EPSON Corporation)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
i@Sky WIC (Version: 1.1 - iatsky) Hidden
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Graphics Driver 307.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.68 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Trojan Remover 6.9.2 (HKLM\...\Trojan Remover_is1) (Version: 6.9.2 - Simply Super Software)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-03-2015 17:51:07 Scheduled Checkpoint
28-03-2015 16:19:58 Scheduled Checkpoint
01-04-2015 16:43:26 Windows Update
03-04-2015 19:25:37 Installed 8GadgetPack
06-04-2015 15:55:43 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CC374A6-AA33-4ABC-9EEB-243B570A1A46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {3A3F4A2F-5E12-4898-9C85-98080177DC70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-19] (Microsoft Corporation)
Task: {61D65029-43A4-4525-8311-EFD082831AC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {68376594-DB60-415E-94C9-CAD8C269499A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {70CED5DF-1D85-4F18-9888-3A95F4E59748} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {71850874-7714-41E7-8010-BAD3490B68CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8CAC15CA-063B-4C47-AD12-4DDC9DF7C545} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9571C70C-95B4-4C00-9ED2-3C80DA517AB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {9DB4C1B1-286D-44CF-82FE-567D3E1E7B71} - System32\Tasks\{33182CA7-CD66-4C84-902B-1E88725708CB} => pcalua.exe -a "C:\Users\jorgos\Desktop\S4 mini CM\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\jorgos\Desktop\S4 mini CM"
Task: {B59853BD-A88D-4BE5-A6B7-DCF87E85FD1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
Task: {D323F6E3-EBB6-4F07-9BDA-09C35D772981} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {FE8F91A1-9D52-4D6F-9E69-5FE84401F0DA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2015-04-06 18:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-06 18:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-06 18:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-06 18:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-06 18:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2015-04-02 20:55 - 2015-04-02 20:55 - 03348592 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-04-02 20:55 - 2015-04-02 20:55 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-04-02 20:55 - 2015-04-02 20:55 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-02-06 20:23 - 2015-02-06 20:23 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Control Panel\Desktop\\Wallpaper -> F:\E\Jorgo III\Wallpaper\15 (2).jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "Avira Systray"
HKLM\...\StartupApproved\Run: => "IATSKY"
HKLM\...\StartupApproved\Run: => "SDTray"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\StartupFolder: => "Sidebar29.lnk"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Clock Widget (HTC Home)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Weather Widget (HTC Home)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series (Copy 1)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-2876399589-1292273160-1852779638-500 - Administrator - Disabled)
Guest (S-1-5-21-2876399589-1292273160-1852779638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2876399589-1292273160-1852779638-1003 - Limited - Enabled)
jorgos (S-1-5-21-2876399589-1292273160-1852779638-1001 - Administrator - Enabled) => C:\Users\jorgos
UpdatusUser (S-1-5-21-2876399589-1292273160-1852779638-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2015 10:23:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/07/2015 10:23:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (04/06/2015 06:09:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/06/2015 06:09:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/06/2015 05:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: uninstall.exe_YAC Security Protection, Version: 6.0.188.23675, Zeitstempel: 0x550b98cf
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17668, Zeitstempel: 0x54c846b4
Ausnahmecode: 0xc000009a
Fehleroffset: 0x00096c04
ID des fehlerhaften Prozesses: 0x1220
Startzeit der fehlerhaften Anwendung: 0xuninstall.exe_YAC Security Protection0
Pfad der fehlerhaften Anwendung: uninstall.exe_YAC Security Protection1
Pfad des fehlerhaften Moduls: uninstall.exe_YAC Security Protection2
Berichtskennung: uninstall.exe_YAC Security Protection3
Vollständiger Name des fehlerhaften Pakets: uninstall.exe_YAC Security Protection4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: uninstall.exe_YAC Security Protection5

Error: (04/06/2015 05:49:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.1.1.0, Zeitstempel: 0x54124c79
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x6cc
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Vollständiger Name des fehlerhaften Pakets: mbamscheduler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamscheduler.exe5

Error: (04/06/2015 04:18:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/06/2015 04:18:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Weather.exe, Version: 3.1.68.0, Zeitstempel: 0x54c7c92e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504b59
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00011cda
ID des fehlerhaften Prozesses: 0x13d4
Startzeit der fehlerhaften Anwendung: 0xWeather.exe0
Pfad der fehlerhaften Anwendung: Weather.exe1
Pfad des fehlerhaften Moduls: Weather.exe2
Berichtskennung: Weather.exe3
Vollständiger Name des fehlerhaften Pakets: Weather.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Weather.exe5

Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Weather.exe, Version: 3.1.68.0, Zeitstempel: 0x54c7c92e
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504b59
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00011cda
ID des fehlerhaften Prozesses: 0x104c
Startzeit der fehlerhaften Anwendung: 0xWeather.exe0
Pfad der fehlerhaften Anwendung: Weather.exe1
Pfad des fehlerhaften Moduls: Weather.exe2
Berichtskennung: Weather.exe3
Vollständiger Name des fehlerhaften Pakets: Weather.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Weather.exe5


System errors:
=============
Error: (04/07/2015 11:46:22 AM) (Source: DCOM) (EventID: 10010) (User: jorgo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/07/2015 11:45:52 AM) (Source: DCOM) (EventID: 10010) (User: jorgo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/06/2015 08:32:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/06/2015 08:32:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/06/2015 08:32:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/06/2015 03:32:58 PM) (Source: DCOM) (EventID: 10016) (User: jorgo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/06/2015 02:31:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player Network Sharing Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (04/06/2015 02:31:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Restart the service) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/06/2015 02:30:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player Network Sharing Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Error: (04/06/2015 02:30:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/07/2015 10:23:43 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/07/2015 10:23:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (04/06/2015 06:09:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/06/2015 06:09:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/06/2015 05:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: uninstall.exe_YAC Security Protection6.0.188.23675550b98cfntdll.dll6.3.9600.1766854c846b4c000009a00096c04122001d0708168a9196fC:\Users\jorgos\AppData\Local\Temp\ISAFE_00000000\uninstall.exeC:\Windows\SYSTEM32\ntdll.dllade0d60d-dc74-11e4-974a-0018f3d9a0c3

Error: (04/06/2015 05:49:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.1.1.054124c79MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6cc01d0707989ba315fC:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll85fafbea-dc74-11e4-974a-0018f3d9a0c3

Error: (04/06/2015 04:18:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/06/2015 04:18:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Weather.exe3.1.68.054c7c92eKERNELBASE.dll6.3.9600.1741554504b59e043435200011cda13d401d070747a911aa8C:\Program Files\HTC Home 3\Weather.exeC:\Windows\system32\KERNELBASE.dllb960856b-dc67-11e4-974a-0018f3d9a0c3

Error: (04/06/2015 04:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Weather.exe3.1.68.054c7c92eKERNELBASE.dll6.3.9600.1741554504b59e043435200011cda104c01d070746f6b062dC:\Program Files\HTC Home 3\Weather.exeC:\Windows\system32\KERNELBASE.dllb94186ef-dc67-11e4-974a-0018f3d9a0c3


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 66%
Total physical RAM: 2046.49 MB
Available physical RAM: 677.65 MB
Total Pagefile: 2711 MB
Available Pagefile: 821.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1854.27 MB

==================== Drives ================================

Drive c: (jorgo I) (Fixed) (Total:117.55 GB) (Free:93.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (jorgo II) (Fixed) (Total:115.33 GB) (Free:84.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0E4D0F4C)
Partition 1: (Active) - (Size=117.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=115.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Regards,
jorgo

Hi,

I'll briefly answer myself here... or rather, an update:

Since I have IE11 installed as a browser alongside Firefox,
and noticed that with IE11 I have no problems at all regarding popups/underlined words/ad links... I simply uninstalled Firefox,

.Malwareantibytes
.CCLEANER (with registry check)
.and adw cleaner

ran them, then reinstalled Firefox, and lo and behold, the problem seems to have vanished into thin air.
Everything runs the way it did before again. No more sign of my problems.....

Hopefully it stays that way.

Regards,
jorgo

EDIT:
Good morning,

Could it be that reinstalling Firefox has solved my problem?
It would be nice if one of the experts could comment on this, so that I can be reassured and feel safe...

THANKS and regards,
jorgo
__________________

Alt 08.04.2015, 17:44   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Yep, but please post fresh FRST logs as a check.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 08.04.2015, 17:55   #5
jorgo04
 

Evening, schrauber....
Here they are:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by jorgos at 2015-04-08 18:51:51
Running from C:\Users\jorgos\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.9.4 (HKLM\...\AbiWord2) (Version: 2.9.4 - AbiSource Developers)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AIDA64 Extreme v5.00 (HKLM\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
Avira (HKLM\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Druckerdeinstallation für EPSON SX218 Series (HKLM\...\EPSON SX218 Series) (Version:  - SEIKO EPSON Corporation)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.1.20150309 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
i@Sky WIC (Version: 1.1 - iatsky) Hidden
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA Graphics Driver 307.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.68 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Trojan Remover 6.9.2 (HKLM\...\Trojan Remover_is1) (Version: 6.9.2 - Simply Super Software)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-03-2015 17:51:07 Scheduled Checkpoint
28-03-2015 16:19:58 Scheduled Checkpoint
01-04-2015 16:43:26 Windows Update
03-04-2015 19:25:37 Installed 8GadgetPack
06-04-2015 15:55:43 AA11
07-04-2015 15:53:33 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CC374A6-AA33-4ABC-9EEB-243B570A1A46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {61D65029-43A4-4525-8311-EFD082831AC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {68376594-DB60-415E-94C9-CAD8C269499A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {70CED5DF-1D85-4F18-9888-3A95F4E59748} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {71850874-7714-41E7-8010-BAD3490B68CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7982B88F-93F0-451C-91A5-A4D6802F077A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-19] (Microsoft Corporation)
Task: {8CAC15CA-063B-4C47-AD12-4DDC9DF7C545} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9571C70C-95B4-4C00-9ED2-3C80DA517AB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9DB4C1B1-286D-44CF-82FE-567D3E1E7B71} - System32\Tasks\{33182CA7-CD66-4C84-902B-1E88725708CB} => pcalua.exe -a "C:\Users\jorgos\Desktop\S4 mini CM\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\jorgos\Desktop\S4 mini CM"
Task: {B59853BD-A88D-4BE5-A6B7-DCF87E85FD1A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
Task: {D323F6E3-EBB6-4F07-9BDA-09C35D772981} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {FE8F91A1-9D52-4D6F-9E69-5FE84401F0DA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-04-06 18:30 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-06 18:30 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-06 18:30 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-06 18:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-06 18:30 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2015-04-02 20:55 - 2015-04-02 20:55 - 03348592 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-04-02 20:55 - 2015-04-02 20:55 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-04-02 20:55 - 2015-04-02 20:55 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Control Panel\Desktop\\Wallpaper -> F:\E\Jorgo III\Wallpaper\15 (2).jpg
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> F:\E\Jorgo III\Wallpaper\15 (2).jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "Avira Systray"
HKLM\...\StartupApproved\Run: => "IATSKY"
HKLM\...\StartupApproved\Run: => "SDTray"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\StartupFolder: => "Sidebar29.lnk"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Clock Widget (HTC Home)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "Weather Widget (HTC Home)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "EPSON SX218 Series (Copy 1)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Sidebar29.lnk"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Clock Widget (HTC Home)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Weather Widget (HTC Home)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EPSON SX218 Series"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EPSON SX218 Series (Copy 1)"
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Accounts: =============================

Administrator (S-1-5-21-2876399589-1292273160-1852779638-500 - Administrator - Disabled)
Guest (S-1-5-21-2876399589-1292273160-1852779638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2876399589-1292273160-1852779638-1003 - Limited - Enabled)
jorgos (S-1-5-21-2876399589-1292273160-1852779638-1001 - Administrator - Enabled) => C:\Users\jorgos
UpdatusUser (S-1-5-21-2876399589-1292273160-1852779638-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 05:09:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/08/2015 05:09:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (04/08/2015 10:52:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/08/2015 10:17:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/08/2015 10:17:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (04/08/2015 10:15:24 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (04/07/2015 06:22:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/07/2015 06:21:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/07/2015 04:51:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x01a07088
ID des fehlerhaften Prozesses: 0x117c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (04/07/2015 03:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (04/08/2015 10:27:06 AM) (Source: DCOM) (EventID: 10010) (User: jorgo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/08/2015 10:26:36 AM) (Source: DCOM) (EventID: 10010) (User: jorgo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/07/2015 07:06:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/07/2015 07:06:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (04/07/2015 03:56:39 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: In der Dateisystemstruktur auf Volume "jorgo I" wurde eine Beschädigung erkannt.

A corruption was found in a file system index structure.  The file reference number is 0x1000000000d8f.  The name of the file is "\Windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (04/07/2015 03:41:04 PM) (Source: DCOM) (EventID: 10016) (User: jorgo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/07/2015 03:41:02 PM) (Source: DCOM) (EventID: 10016) (User: jorgo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/07/2015 03:41:02 PM) (Source: DCOM) (EventID: 10016) (User: jorgo)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}jorgojorgosS-1-5-21-2876399589-1292273160-1852779638-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/07/2015 03:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Security Center" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (04/07/2015 03:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Security Center" ist vom Dienst "Windows Management Instrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1115


Microsoft Office Sessions:
=========================
Error: (04/08/2015 05:09:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/08/2015 05:09:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (04/08/2015 10:52:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\totalcmd\TCUNIN64.EXE

Error: (04/08/2015 10:17:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/08/2015 10:17:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (04/08/2015 10:15:24 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (04/07/2015 06:22:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/07/2015 06:21:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/07/2015 04:51:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379unknown0.0.0.000000000c000000501a07088117c01d0713b506e468bC:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeunknown8cf55750-dd35-11e4-974d-0018f3d9a0c3

Error: (04/07/2015 03:59:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 56%
Total physical RAM: 2046.49 MB
Available physical RAM: 897.79 MB
Total Pagefile: 2686.49 MB
Available Pagefile: 810.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.74 MB

==================== Drives ================================

Drive c: (jorgo I) (Fixed) (Total:117.55 GB) (Free:93.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (jorgo II) (Fixed) (Total:115.33 GB) (Free:84.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0E4D0F4C)
Partition 1: (Active) - (Size=117.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=115.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by jorgos (administrator) on JORGO on 08-04-2015 18:51:18
Running from C:\Users\jorgos\Desktop
Loaded Profiles: jorgos & UpdatusUser (Available profiles: jorgos & UpdatusUser)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IATSKY] => C:\Program Files\i@Sky WIC\iatsky.exe [335872 2011-07-26] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1797496 2015-03-28] (Simply Super Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [EPSON SX218 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\...\MountPoints2: {f167bd85-c812-11e4-973e-0018f3d9a0c3} - "F:\DTVP_Launcher.exe" 
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSON SX218 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f167bd85-c812-11e4-973e-0018f3d9a0c3} - "F:\DTVP_Launcher.exe" 
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2876399589-1292273160-1852779638-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-2876399589-1292273160-1852779638-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default
FF SelectedSearchEngine: webssearches
FF Homepage: ebay.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\abs@avira.com [2015-03-31]
FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28]
FF Extension: Adblock Plus - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28]
FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [250880 2014-10-29] (Microsoft Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [103936 2014-10-29] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-04] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2014-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-04] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1269248 2014-10-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105864 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [136216 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [37384 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2015-04-06] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2015-02-04] (Microsoft Corporation)
S3 WN111v2; C:\Windows\system32\DRIVERS\WN111v2v.sys [449536 2008-09-29] (Atheros Communications, Inc.)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [57344 2014-04-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 18:51 - 2015-04-08 18:51 - 00014879 _____ () C:\Users\jorgos\Desktop\FRST.txt
2015-04-08 13:37 - 2015-04-08 13:38 - 60418963 _____ () C:\Users\jorgos\Desktop\openatv-5.0-xp1000mk-20150407_usb.zip
2015-04-07 19:17 - 2015-04-07 19:17 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-07 19:16 - 2015-04-07 19:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-07 19:16 - 2015-04-07 19:16 - 00243656 _____ () C:\Users\jorgos\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-07 18:21 - 2015-04-08 17:29 - 00074965 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 18:20 - 2015-04-07 18:20 - 00000116 _____ () C:\Windows\setupact.log
2015-04-07 18:20 - 2015-04-07 18:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-07 15:22 - 2015-04-07 15:22 - 02208768 _____ () C:\Users\jorgos\Desktop\adwcleaner_4.200.exe
2015-04-07 14:20 - 2015-04-08 18:51 - 00000000 ____D () C:\FRST
2015-04-07 14:18 - 2015-04-07 14:20 - 01135104 _____ (Farbar) C:\Users\jorgos\Desktop\FRST.exe
2015-04-07 10:34 - 2015-04-08 18:19 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-07 10:34 - 2015-04-07 10:34 - 00000000 ____D () C:\ProgramData\Licenses
2015-04-07 10:33 - 2015-04-07 10:33 - 00001120 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\Documents\Simply Super Software
2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Simply Super Software
2015-04-07 10:33 - 2015-04-07 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-04-07 10:32 - 2015-04-07 10:33 - 00000000 ____D () C:\Program Files\Trojan Remover
2015-04-07 10:32 - 2015-04-07 10:32 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-04-06 19:42 - 2015-04-06 19:42 - 00000000 ____D () C:\Users\jorgos\Documents\ProcAlyzer Dumps
2015-04-06 18:49 - 2013-08-22 08:13 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150406-184941.backup
2015-04-06 18:30 - 2015-04-06 19:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-06 18:30 - 2015-04-06 18:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-06 18:30 - 2015-04-06 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-06 18:30 - 2015-04-06 18:30 - 00002154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-06 18:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-04-06 17:30 - 2015-04-06 17:30 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-06 16:00 - 2015-04-06 16:00 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\LavasoftStatistics
2015-04-06 14:16 - 2015-04-08 12:34 - 00000000 ____D () C:\AdwCleaner
2015-04-03 19:47 - 2015-04-03 19:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-03 19:26 - 2015-04-03 19:32 - 00000000 ____D () C:\Users\jorgos\AppData\Local\Sidebar7
2015-04-03 19:11 - 2015-04-03 19:11 - 00000000 ____D () C:\Windows\system32\log
2015-04-02 20:55 - 2015-04-03 14:55 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-01 16:44 - 2015-04-01 16:45 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-01 16:43 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-31 19:15 - 2015-03-31 19:15 - 00000000 ____D () C:\Users\jorgos\Desktop\unibox
2015-03-19 21:07 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-19 21:07 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-19 21:07 - 2015-01-31 01:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-19 21:07 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-19 21:07 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-19 21:06 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-19 21:06 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-19 21:06 - 2015-02-07 01:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-19 21:06 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-19 21:06 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-19 21:06 - 2015-01-30 04:25 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-19 21:06 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-19 21:06 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-19 21:06 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-19 21:06 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-19 21:06 - 2015-01-29 02:56 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-19 21:06 - 2015-01-29 02:55 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-19 21:06 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-19 21:06 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-19 21:06 - 2014-12-11 07:40 - 00041296 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-19 21:05 - 2015-02-26 01:27 - 03543552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-19 21:05 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-19 21:05 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-19 21:05 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-19 21:05 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-19 21:05 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-19 21:05 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-19 21:05 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-19 21:05 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-19 21:05 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-19 21:05 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-19 21:05 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-19 21:05 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-19 21:05 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-19 21:05 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-19 21:05 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-19 21:05 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-19 21:05 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-19 21:05 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-19 21:05 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-19 21:05 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-19 21:05 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-19 21:05 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-19 21:05 - 2015-01-24 04:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-19 21:05 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-19 21:05 - 2015-01-24 02:48 - 02975744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-19 21:04 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-19 21:04 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-19 21:04 - 2015-02-05 22:17 - 00869696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-19 21:04 - 2015-02-04 01:51 - 00227136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-19 21:04 - 2015-02-04 01:51 - 00084800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-19 21:04 - 2015-02-04 01:51 - 00038392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-19 21:04 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-19 21:04 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-19 21:04 - 2015-01-28 17:35 - 05769024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-19 21:04 - 2015-01-28 17:35 - 01468408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-19 21:04 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-19 21:04 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-18 16:06 - 2015-03-18 16:06 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-03-11 19:36 - 2015-03-11 19:36 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\elsterformular
2015-03-11 19:35 - 2015-03-11 19:36 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-11 19:35 - 2015-03-11 19:35 - 00001449 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk
2015-03-11 19:35 - 2015-03-11 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-03-11 19:34 - 2015-03-11 19:34 - 00000000 ____D () C:\Program Files\ElsterFormular

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 18:02 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\sru
2015-04-08 17:09 - 2015-02-03 19:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 10:26 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-07 20:15 - 2014-12-27 19:46 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 19:28 - 2014-12-28 16:05 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Avira
2015-04-07 19:27 - 2014-12-28 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-07 19:27 - 2014-12-28 16:03 - 00000000 ____D () C:\ProgramData\Avira
2015-04-07 19:17 - 2014-12-27 21:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-07 19:04 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-07 18:20 - 2013-08-22 09:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-06 17:29 - 2013-08-22 10:17 - 00000000 ___SD () C:\Program Files\Windows Sidebar
2015-04-06 14:21 - 2013-08-22 08:13 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-06 14:20 - 2014-12-27 19:42 - 00001173 _____ () C:\Users\jorgos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-06 13:12 - 2015-02-03 19:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-06 12:27 - 2015-01-10 19:39 - 00000600 _____ () C:\Users\jorgos\AppData\Roaming\winscp.rnd
2015-04-05 17:00 - 2014-12-30 18:36 - 00191488 ___SH () C:\Users\jorgos\Desktop\Thumbs.db
2015-04-03 19:48 - 2014-12-28 14:03 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-03 19:48 - 2014-12-28 14:03 - 00000000 ____D () C:\Program Files\Java
2015-04-03 19:47 - 2014-12-28 14:04 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-04-03 19:27 - 2015-01-29 20:53 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\dlg
2015-04-01 16:45 - 2013-08-22 10:05 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-01 16:27 - 2014-12-28 20:00 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\AbiSuite
2015-04-01 16:05 - 2014-12-27 19:42 - 00000000 ____D () C:\Users\jorgos\AppData\Roaming\Adobe
2015-03-20 20:21 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\rescache
2015-03-19 21:37 - 2013-08-22 09:22 - 00335400 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Windows\ToastData
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\WinStore
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-19 21:32 - 2013-08-22 10:17 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-19 21:13 - 2014-12-27 20:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-19 21:09 - 2014-12-27 20:34 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-19 21:08 - 2013-08-22 10:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 19:35 - 2014-12-28 16:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-10 19:24 - 2014-12-28 16:03 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 19:24 - 2014-12-28 16:03 - 00105864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 19:24 - 2014-12-28 16:03 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2015-01-10 19:39 - 2015-04-06 12:27 - 0000600 _____ () C:\Users\jorgos\AppData\Roaming\winscp.rnd

Some content of TEMP:
====================
C:\Users\jorgos\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-31 17:24

==================== End Of Log ============================
         
--- --- ---


Regards,
jorgo


09.04.2015, 08:19   #6
schrauber
/// the machine
/// TB trainer



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
C:\Users\jorgos\AppData\Roaming\webssearches
FF SelectedSearchEngine: webssearches
FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28]
FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04]
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.





09.04.2015, 08:49   #7
jorgo04



Morning, schrauber....

At the moment everything is running suuuuuper.


No sooner said than done:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by jorgos at 2015-04-09 09:40:57 Run:1
Running from C:\Users\jorgos\Desktop
Loaded Profiles: jorgos & UpdatusUser &  (Available profiles: jorgos & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {C41AB13A-012A-48F0-8579-83A440C68E76} - System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => pcalua.exe -a C:\Users\jorgos\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs2 <==== ATTENTION
C:\Users\jorgos\AppData\Roaming\webssearches
FF SelectedSearchEngine: webssearches
FF Extension: Speed Dial - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-12-28]
FF Extension: {fd3ff034-895c-4fc0-8b23-89472bb266d2} - C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi [2015-04-04]
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C41AB13A-012A-48F0-8579-83A440C68E76}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C41AB13A-012A-48F0-8579-83A440C68E76}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA3BE0C2-637A-4A7F-A8D1-7DC2D64DAFD8}" => Key deleted successfully.
"C:\Users\jorgos\AppData\Roaming\webssearches" => File/Directory not found.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi => Moved successfully.
C:\Users\jorgos\AppData\Roaming\Mozilla\Firefox\Profiles\6446pg41.default\Extensions\{fd3ff034-895c-4fc0-8b23-89472bb266d2}.xpi => Moved successfully.
EmptyTemp: => Removed 243.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 09:42:25 ====
         
Regards,
jorgo

Edited by jorgo04 (09.04.2015 at 08:50). Reason: edit

09.04.2015, 17:42   #8
schrauber
/// the machine
/// TB trainer




Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: Among other things, DelFix removes all the programs used and the quarantine of our scanners, clears the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you merely visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can specify, on a whitelist basis, which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner .


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' built-in Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

10.04.2015, 18:27   #9
jorgo04



Hi schrauber,

Everything is fine.

I ran DelFix through once more following the instructions, and everything is back the way it should be.

Donation is on its way

Regards,
jorgo

11.04.2015, 07:30   #10
schrauber
/// the machine
/// TB trainer



You're welcome
__________________
Regards,
schrauber
