
Log analysis and evaluation: Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other


14.07.2015, 12:48   #1
paralysis
 
Windows 8.1 with Bing: Google Chrome opens windows with games, betting sites and other



I have the problem that for some time now, on my main computer as well as on my laptop, windows with various advertising sites keep being opened by Google Chrome on its own. I use the laptop very rarely. I have set Google Chrome so that they are synchronized.

Main computer, without log files.
Configuration with Windows 7 64-bit

Laptop, with log files:
Windows 8.1 with Bing

Here are the log files as per the list.

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:48 on 12/07/2015 (mar-sch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by mar-sch (administrator) on MARSCH on 12-07-2015 22:51:19
Running from C:\Users\mar-sch\Desktop
Loaded Profiles: mar-sch (Available Profiles: mar-sch)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> DefaultScope {3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> {3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3876264268-1847270997-196456751-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55

FireFox:
========
FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome: 
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Facebook Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09]
CHR Extension: (YouTube) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Google Search) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-03-09]
CHR Extension: (Google Sheets) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-09]
CHR Extension: (Download Helper) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjlohfdjcjhmfcabomglnciodlnplhk [2015-06-23]
CHR Extension: (Avira Browser Safety) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2015-03-09]
CHR Extension: (Session Manager) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2015-03-09]
CHR Extension: (Instagram Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccijgeciailcjildclhbjgakoemgjjg [2015-06-23]
CHR Extension: (Gmail) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 22:51 - 2015-07-12 22:52 - 00018613 _____ C:\Users\mar-sch\Desktop\FRST.txt
2015-07-12 22:50 - 2015-07-12 22:51 - 00000000 ____D C:\FRST
2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe
2015-07-12 22:48 - 2015-07-12 22:48 - 00000476 _____ C:\Users\mar-sch\Desktop\defogger_disable.log
2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable
2015-07-12 22:47 - 2015-07-12 22:47 - 00009573 _____ C:\Users\mar-sch\Desktop\Unbenannt 1.odt
2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db
2015-07-12 22:45 - 2015-07-12 22:45 - 00050477 _____ C:\Users\mar-sch\Desktop\Defogger.exe
2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache
2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek
2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre
2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2
2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi
2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-27 12:59 - 2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe
2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar
2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe
2015-06-23 19:04 - 2015-06-23 19:04 - 00002283 _____ C:\Users\mar-sch\Desktop\Chrome App Launcher.lnk
2015-06-23 19:04 - 2015-06-23 19:04 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 22:48 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch
2015-07-12 22:42 - 2015-03-09 18:31 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 19:58 - 2014-10-27 16:51 - 01920172 _____ C:\Windows\WindowsUpdate.log
2015-07-10 17:56 - 2015-03-09 18:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001
2015-07-10 17:52 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-08 18:18 - 2015-03-09 18:32 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat
2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat
2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-28 21:44 - 2015-03-15 10:34 - 00005946 _____ C:\Windows\setupact.log
2015-06-27 13:25 - 2015-03-15 10:33 - 00240532 _____ C:\Windows\PFRO.log
2015-06-27 13:25 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 13:25 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-23 19:42 - 2015-03-09 18:23 - 00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps
2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\mar-sch\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe
C:\Users\mar-sch\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\mar-sch\AppData\Local\Temp\mccspuninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 17:56

==================== End of log ============================
         
Additional
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by mar-sch at 2015-07-12 22:53:47
Running from C:\Users\mar-sch\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3876264268-1847270997-196456751-500 - Administrator - Disabled)
Gast (S-1-5-21-3876264268-1847270997-196456751-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3876264268-1847270997-196456751-1003 - Limited - Enabled)
mar-sch (S-1-5-21-3876264268-1847270997-196456751-1001 - Administrator - Enabled) => C:\Users\mar-sch

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
calibre 64bit (HKLM\...\{B74D8371-98D2-42AD-9D94-3531FF4EA328}) (Version: 2.31.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.)
Druckerdeinstallation für EPSON StandardBusinessPrinters (HKLM\...\EPSON StandardBusinessPrinters) (Version:  - SEIKO EPSON Corporation)
Druckerdeinstallation für EPSON Universal Print Driver (HKLM\...\EPSON Universal Print Driver) (Version:  - SEIKO EPSON Corporation)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet SetupManager V2 (HKLM-x32\...\InstallShield_{485863E4-C20E-4629-A3B1-B4C8E706A7CB}) (Version: 2.2.3 - SEIKO EPSON CORPORATION)
EpsonNet SetupManager V2 (x32 Version: 2.2.3 - SEIKO EPSON CORPORATION) Hidden
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 2.2.3 - Warner Bros. Entertainment, Inc.)
Flixster (x32 Version: 2.2.3 - Warner Bros. Entertainment, Inc.) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.6.3.549 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MyDriveConnect 4.0.3.2180 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenOffice 4.1.1 Language Pack (German) (HKLM-x32\...\{68AF7AB8-E018-40D9-B703-0129274FDBAE}) (Version: 4.11.9775 - Apache Software Foundation)
Pokki Start Menu (HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Pokki_Start_Menu) (Version: 0.269.7.564 - Pokki)
Polar FlowSync Version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7283 - Realtek Semiconductor Corp.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-06-2015 17:12:41 Installed calibre 64bit
05-07-2015 20:02:05 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17B7FF95-CD7E-4B3F-BFE9-D7216513D9ED} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {5C2F51FD-13BD-4243-931E-631FC28A1175} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {953CCD85-63D9-478E-B998-989D91CB9934} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-09] (Google Inc.)
Task: {98BCE9F8-C65A-44FE-8572-08A68098ACF7} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {C85F90D7-2011-4C5D-8E5A-A48E9AF5E7DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-09] (Google Inc.)
Task: {D090A04F-FA4C-4D2C-B514-D27CDC855600} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {E8C65C83-0508-4F65-83EC-B89AC0B7B462} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {FAF4A2E2-B621-4867-A186-947C9F0F4580} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-17 13:43 - 2015-03-17 13:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll
2015-03-17 14:15 - 2015-03-17 14:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-08-11 19:26 - 2012-04-24 12:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-02-25 23:14 - 2014-02-25 23:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 23:11 - 2014-02-25 23:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 23:17 - 2014-02-25 23:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-06-23 19:33 - 2014-11-11 10:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-06-23 19:34 - 2013-08-25 20:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-06-23 19:34 - 2013-08-25 20:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-06-23 19:34 - 2013-08-25 20:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2015-04-19 13:30 - 2014-11-04 11:38 - 00867080 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\common\UNO\UNO.dll
2015-04-19 13:30 - 2013-12-10 09:39 - 00074240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ctypes.pyd
2015-04-19 13:30 - 2013-12-10 09:39 - 00285184 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_hashlib.pyd
2015-04-19 13:30 - 2013-12-10 09:39 - 00040960 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_socket.pyd
2015-04-19 13:30 - 2013-12-10 09:39 - 00721920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD14\Common\Koan\_ssl.pyd
2015-07-08 18:17 - 2015-07-07 05:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 18:17 - 2015-07-07 05:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\StartupApproved\Run: => "AcerPortal"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{99B54509-6962-4228-B43C-7DD088DC2125}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E6097785-ADFB-4C43-B6A1-20CF8230A686}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{2CCAFA1A-91AC-40BC-B8BC-0698E24D8AE4}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{16BB9AC3-5CFD-413F-8A2E-08E4F803E6A3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{91611679-48DF-48A0-8DA7-E7B3E16AAD70}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8AB4144B-0282-47EE-8CC3-C1DC642B5980}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{48005A54-DDAF-46DF-BF84-738A7AB5F091}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{5D3C1AAA-565C-44F2-9D80-04EED00FEBF7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{43EF214D-EE1E-44D8-8D9D-758502406221}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2BC19579-2B53-4418-9EB1-11064772AFCD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A8E997EE-9B61-45BF-AD96-60135D97D268}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5C1B04B2-B89B-4B8B-9D66-0D6CB4C21E62}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2DFAB9D0-642D-46B9-8185-402D0382C068}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{A0E8D7AA-54B1-4F0D-9101-317B816C7D77}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9EEE4649-6ADC-4895-9E34-A17883D51FBF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BB4F25B6-C405-4A75-A09A-19D32A2E142E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{134310F3-A796-4430-B6A3-F87F214E7755}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{52655705-4C47-4550-894B-F0C269931E47}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5BB5CF2B-BCE4-4655-9518-691E98AF2D3F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B326D866-A28C-4568-B298-EE1971211A68}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{586BE06A-86AD-443B-A140-597E22F407AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1EDAE6E7-3F0B-458C-86F1-6D96934D7B8D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EA6FEFE4-DBEE-409B-BB5E-71C64DBB7D29}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{3ADBD34B-0E5F-4ED1-9B03-69F9DBF08F17}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{4C2712BF-AA04-4F04-B22E-9123ED94CACB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D9646284-1607-4C7C-9E63-92DB7ACC334A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3D3650B6-7AAB-4C35-AD0A-007AA9CD9C04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9E0D5BC8-82CE-4652-86D6-B1BA577F1E59}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{70C742CF-019B-47C2-BC95-684E732D277C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{15B325FE-3385-4FCC-B04E-E3750921D702}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{68F77E49-A0AC-4B57-98F9-C72194DD36FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C96243B1-A03C-49E6-924C-4D4E30EF47A5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{41574405-39C7-413C-B130-572073C7885F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet SetupManager V2\SManager.exe
FirewallRules: [{F5B764E4-F5D2-4F89-9798-9CFF7354B6B6}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet SetupManager V2\SManager.exe
FirewallRules: [{BBBB2DAB-7952-4204-9D6F-98116F019DE7}] => (Allow) C:\Users\mar-sch\AppData\Local\Temp\EPSON WF-2540 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{632FB73B-7A45-4211-8A83-9213A9EFD941}] => (Allow) C:\Users\mar-sch\AppData\Local\Temp\EPSON WF-2540 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{2327795F-05AB-4E03-A2AF-41CDF7D491FB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{DC4632E6-827F-44B0-A462-C235DF0B0F4B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{2976B3FA-8D91-45E5-95A7-F8DF556F5CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{BA4E9717-E8F2-4208-8780-309E05EA1F0B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{5DCAE036-7B12-4F1D-9974-99F5DE7B9EA8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{CDF35570-F259-480C-AE5A-272C67246CC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A62F88A1-44E6-426E-8B51-FAB0C769EAF0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{17EAC695-8DE9-42DD-8F7D-6295EA0F142C}C:\program files (x86)\flixster\flixster.exe] => (Allow) C:\program files (x86)\flixster\flixster.exe
FirewallRules: [UDP Query User{7D5784D2-849E-4F17-83F2-63A4A9E97EBC}C:\program files (x86)\flixster\flixster.exe] => (Allow) C:\program files (x86)\flixster\flixster.exe
FirewallRules: [{81F6ED65-E888-44B1-A2DA-C8A6E65F84B5}] => (Allow) LPort=5354
FirewallRules: [{AD97FF94-576B-4BC4-81EF-CD520B5301E6}] => (Allow) LPort=5354
FirewallRules: [{2A222C14-6BC0-4C7F-BC10-FC8EA096088B}] => (Allow) LPort=5354
FirewallRules: [{8B19F7B4-E216-4621-A2E6-64B40B7EB9B7}] => (Allow) LPort=5354
FirewallRules: [{4A4A4A22-BF03-4117-9539-7A23075DE989}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB4BD64A-5527-4961-87DE-7ACAE78B9D62}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4916B720-F06B-4AF8-AC76-0564DBDC66D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelper
WinMain:  CreateSharedMemory() failed.
Session ID = 15

Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelper
CreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed
Last error = [0x00000102]
Session ID = 15

Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14656

Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14656

Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13469

Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13469

Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12453

Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12453


System errors:
=============
Error: (07/12/2015 07:52:25 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{3528b236-19ef-410a-b088-32e1a6dc3561}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4FAAC814-47EE-42B6-8017-8E2332B4B1DB}

Error: (07/12/2015 07:49:44 PM) (Source: DCOM) (EventID: 10010) (User: marsch)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/12/2015 07:49:14 PM) (Source: DCOM) (EventID: 10010) (User: marsch)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/10/2015 09:29:02 PM) (Source: DCOM) (EventID: 10010) (User: marsch)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/10/2015 09:29:02 PM) (Source: DCOM) (EventID: 10010) (User: marsch)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/10/2015 09:28:57 PM) (Source: DCOM) (EventID: 10010) (User: marsch)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/10/2015 09:28:57 PM) (Source: DCOM) (EventID: 10010) (User: marsch)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/10/2015 07:45:09 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{3528b236-19ef-410a-b088-32e1a6dc3561}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{20481947-3870-4A94-8CE9-6219770C85E7}

Error: (07/10/2015 06:04:17 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{3528b236-19ef-410a-b088-32e1a6dc3561}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{5D2EB946-7697-4755-9286-715931D20DB1}

Error: (07/10/2015 05:57:34 PM) (Source: DCOM) (EventID: 10010) (User: marsch)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office:
=========================
Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.Session ID = 15

Error: (07/12/2015 07:43:25 PM) (Source: DptfEvent) (EventID: 3) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failedLast error = [0x00000102]Session ID = 15

Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14656

Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14656

Error: (07/10/2015 09:29:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13469

Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13469

Error: (07/10/2015 09:29:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12453

Error: (07/10/2015 09:29:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12453


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 61%
Total physical RAM: 1929.7 MB
Available physical RAM: 734.73 MB
Total Virtual: 4250.96 MB
Available Virtual: 2082.19 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.73 GB) (Free:397.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 78C81F09)

Partition: GPT Partition Type.

==================== End of log ============================
         
GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-13 22:11:35
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000032 TOSHIBA_MQ01ABF050 rev.AM001J 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\mar-sch\AppData\Local\Temp\pfldypoc.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                      fffff960001bca00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 17                                 fffff960001bca11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [728:832]                                            00007ffe1c9e1e00
Thread  C:\Windows\System32\svchost.exe [940:4268]                                           00007ffe05786370
Thread  C:\Windows\System32\svchost.exe [940:4272]                                           00007ffe057898f0
Thread  C:\Windows\system32\svchost.exe [968:2052]                                           00007ffe15664ee0
Thread  C:\Windows\system32\svchost.exe [968:3284]                                           00007ffe128d7240
Thread  C:\Windows\system32\svchost.exe [968:3292]                                           00007ffe13501ed0
Thread  C:\Windows\system32\svchost.exe [968:3296]                                           00007ffe13501ed0
Thread  C:\Windows\system32\svchost.exe [968:3500]                                           00007ffe19fd39b0
Thread  C:\Windows\system32\svchost.exe [968:23768]                                          00007ffe0bda1050
Thread  C:\Windows\system32\svchost.exe [312:2628]                                           00007ffe149f2a50
Thread  C:\Windows\system32\svchost.exe [312:2656]                                           00007ffe149edb60
Thread  C:\Windows\system32\svchost.exe [312:2664]                                           00007ffe149f0d70
Thread  C:\Windows\system32\svchost.exe [312:2668]                                           00007ffe149f2db0
Thread  C:\Windows\system32\svchost.exe [312:2672]                                           00007ffe149e5fe0
Thread  C:\Windows\system32\svchost.exe [312:2740]                                           00007ffe149eee40
Thread  C:\Windows\System32\svchost.exe [648:1088]                                           00007ffe17f171b0
Thread  C:\Windows\System32\svchost.exe [648:1152]                                           00007ffe1cff3ad0
Thread  C:\Windows\System32\svchost.exe [648:1788]                                           00007ffe15603190
Thread  C:\Windows\System32\svchost.exe [648:2960]                                           00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2964]                                           00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2968]                                           00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2972]                                           00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2980]                                           00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:2992]                                           00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:3000]                                           00007ffe1c321df0
Thread  C:\Windows\System32\svchost.exe [648:3084]                                           00007ffe130e36f0
Thread  C:\Windows\System32\svchost.exe [648:4192]                                           00007ffe155e3720
Thread  C:\Windows\System32\svchost.exe [648:3176]                                           00007ffe190c37a0
Thread  C:\Windows\System32\svchost.exe [648:232]                                            00007ffe156018f0
Thread  C:\Windows\System32\svchost.exe [648:4344]                                           00007ffe1e13ad30
Thread  C:\Windows\system32\svchost.exe [1036:19524]                                         00007ffe14127470
Thread  C:\Windows\System32\spoolsv.exe [1200:3200]                                          00007ffe15191120
Thread  C:\Windows\System32\spoolsv.exe [1200:1212]                                          00007ffe15173460
Thread  C:\Windows\System32\spoolsv.exe [1200:952]                                           00007ffe19535e40
Thread  C:\Windows\System32\spoolsv.exe [1200:1156]                                          00007ffe1960cd30
Thread  C:\Windows\system32\svchost.exe [1828:3512]                                          00007ffe15191120
Thread  C:\Windows\system32\svchost.exe [1828:25364]                                         00007ffe15173460
Thread  C:\Windows\system32\DllHost.exe [2896:3088]                                          00007ffe12929b10
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3504:3528]  00007ffe11f381f4
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3504:3532]  00007ffe11dfbdf4
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [3504:2912]  00007ffe11dfbdf4
Thread  C:\Windows\system32\csrss.exe [5532:2464]                                            fffff960008392d0
Thread  C:\Windows\system32\taskhost.exe [23732:25196]                                       00007ffe14a82660

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                unknown MBR code

---- EOF - GMER 2.1 ----
         
Malwarebytes
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 13.07.2015
Suchlaufzeit: 19:56
Protokolldatei: malwarebytes.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.13.03
Rootkit-Datenbank: v2015.07.10.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: mar-sch

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 355774
Abgelaufene Zeit: 34 Min., 31 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}, , [af98548dc4c6f145939f41c3ee156e92], 

Registrierungswerte: 4
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|FaviconURL, hxxp://homepage-web.com/favicon.ico, , [af98548dc4c6f145939f41c3ee156e92]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|FaviconURLFallback, hxxp://homepage-web.com/favicon.ico, , [dc6b2db4addd68ced35f20e4c24121df]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|TopResultURL, hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, , [0245c91886045cdaba78f60e60a3e020]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}|URL, hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, , [9aad1bc64c3ebb7b959d7a8a28dbc53b]

Registrierungsdaten: 1
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3876264268-1847270997-196456751-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://homepage-web.com/?s=acer&m=start, Gut: (www.google.com), Schlecht: (hxxp://homepage-web.com/?s=acer&m=start),,[1b2c09d8c6c448ee408e23feb451718f]

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Avira
Code:
Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 13. Juli 2015  09:07


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 8.1 Connected
Windowsversion : (plain)  [6.3.9600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MARSCH

Versionsinformationen:
BUILD.DAT      : 15.0.11.579   109728 Bytes  16.06.2015 09:37:00
AVSCAN.EXE     : 15.0.11.576  1041656 Bytes  07.07.2015 19:01:33
AVSCANRC.DLL   : 15.0.11.478    63792 Bytes  22.06.2015 18:31:59
LUKE.DLL       : 15.0.11.550    59696 Bytes  22.06.2015 18:32:16
AVSCPLR.DLL    : 15.0.11.550    95024 Bytes  22.06.2015 18:31:59
REPAIR.DLL     : 15.0.11.576   463608 Bytes  07.07.2015 19:01:32
REPAIR.RDF     : 1.0.8.60      946395 Bytes  06.07.2015 18:59:57
AVREG.DLL      : 15.0.11.550   276784 Bytes  22.06.2015 18:31:58
AVLODE.DLL     : 15.0.11.572   611632 Bytes  22.06.2015 18:31:57
AVLODE.RDF     : 14.0.4.72      79262 Bytes  08.07.2015 17:36:43
Engineversion  : 8.3.32.22 
AEBB.DLL       : 8.1.2.0        60448 Bytes  25.02.2015 16:53:34
AECORE.DLL     : 8.3.7.2       249920 Bytes  22.06.2015 18:31:49
AEDROID.DLL    : 8.4.3.302    1506160 Bytes  10.07.2015 15:41:37
AEEMU.DLL      : 8.1.3.4       399264 Bytes  25.02.2015 16:53:34
AEEXP.DLL      : 8.4.2.88      266296 Bytes  16.05.2015 13:47:10
AEGEN.DLL      : 8.1.7.42      457576 Bytes  27.06.2015 08:51:17
AEHELP.DLL     : 8.3.2.2       281456 Bytes  29.06.2015 17:34:41
AEHEUR.DLL     : 8.1.4.1784   8551280 Bytes  10.07.2015 15:41:35
AEMOBILE.DLL   : 8.1.8.2       303168 Bytes  10.07.2015 15:41:38
AEOFFICE.DLL   : 8.3.1.44      404608 Bytes  10.07.2015 15:41:35
AEPACK.DLL     : 8.4.0.82      792488 Bytes  29.06.2015 17:35:34
AERDL.DLL      : 8.2.1.20      731040 Bytes  25.02.2015 16:53:34
AESBX.DLL      : 8.2.21.0     1622072 Bytes  22.06.2015 18:31:53
AESCN.DLL      : 8.3.2.10      142456 Bytes  16.05.2015 13:47:10
AESCRIPT.DLL   : 8.2.2.82      534440 Bytes  10.07.2015 15:41:36
AEVDF.DLL      : 8.3.1.6       133992 Bytes  25.02.2015 16:53:34
AVWINLL.DLL    : 15.0.11.478    25904 Bytes  22.06.2015 18:31:49
AVPREF.DLL     : 15.0.11.478    54216 Bytes  22.06.2015 18:31:58
AVREP.DLL      : 15.0.11.478   220464 Bytes  22.06.2015 18:31:58
AVARKT.DLL     : 15.0.11.478   228088 Bytes  22.06.2015 18:31:54
AVEVTLOG.DLL   : 15.0.11.550   195320 Bytes  22.06.2015 18:31:56
SQLITE3.DLL    : 15.0.11.478   455472 Bytes  22.06.2015 18:32:19
AVSMTP.DLL     : 15.0.11.478    79096 Bytes  22.06.2015 18:32:00
NETNT.DLL      : 15.0.11.478    16384 Bytes  22.06.2015 18:32:16
CommonImageRc.dll: 15.0.11.478  4279600 Bytes  22.06.2015 18:31:49
CommonTextRc.dll: 15.0.11.478    69936 Bytes  22.06.2015 18:31:49

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 13. Juli 2015  09:07

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '201' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxCUIService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCDMonitorService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'DptfParticipantProcessorService.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'DptfPolicyCriticalService.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelTechnologyAccessService.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'EscSvc64.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '184' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxEM.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxHK.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxTray.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtvStack.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'ActivateDesktop.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'FMAPP.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCleaner64.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'flowsync.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'PowerDVD14Agent.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerWinMonitor.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TiWorker.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '25' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1271' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\swapfile.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!


Ende des Suchlaufs: Montag, 13. Juli 2015  12:22
Benötigte Zeit:  3:14:58 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  38461 Verzeichnisse wurden überprüft
 652825 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 652824 Dateien ohne Befall
   6561 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise
   1049 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
I hope I have included all the important information, and thank you in advance for the help.

Kind regards,
paralysis

14.07.2015, 13:08   #2
schrauber
/// the machine
/// TB trainer
 



hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

14.07.2015, 14:00   #3
paralysis
 


Hello schrauber,

thanks for the quick help.

Here are the requested log files:

Adwcleaner
Code:
ATTFilter
# AdwCleaner v4.208 - Bericht erstellt 14/07/2015 um 14:25:57
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-11.1 [Server]
# Betriebssystem : Windows 8.1 Connected  (x64)
# Benutzername : mar-sch - MARSCH
# Gestarted von : C:\Users\mar-sch\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\pokki
Ordner Gelöscht : C:\Users\mar-sch\AppData\Local\pokki
Ordner Gelöscht : C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjlohfdjcjhmfcabomglnciodlnplhk
Datei Gelöscht : C:\Users\mar-sch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
Datei Gelöscht : C:\Users\mar-sch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3B1DB0D1-CA2E-11E4-8260-C45444FD4A6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\Pokki
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v37.0.2 (x86 de)


-\\ Google Chrome v43.0.2357.132

[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005?&barid={BD7E9393-7E52-11E1-929B-E839DF8C46B0}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332152&octid=EB_ORIGINAL_CTID&ISID=M3D292828-9D3B-4670-9AA8-659F424D3129&SearchSource=58&CUI=&UM=6&UP=SP734E44FE-9C45-47BB-B43D-D6DB065B03B6&q={searchTerms}&SSPV=
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3812_3&babsrc=SP_ss&mntrId=56ea201800000000000018f46a8303b5
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : 
[C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : AB04992F414891D52D1B92B02BDE6A91116EECB6DFC6A5853DA859F518ACBDF2"},"software_reporter":{"prompt_reason":"8B25A20CEC0261594B7C16AC0CE3349F85F7FB65ECD6B8922A93D69418A760CE","prompt_seed":"6EBF1C29AF192DD074911818EF8C3DA1152B8AD541C3CA6447544D6AC6CAEF4C","prompt_version":"16A423013D4C27C4B3255CCCB0569D0614BD92002DFEDECC3536662A29484560"},"sync":{"remaining_rollback_tries":"25C5A6040401B160BE6EE619AF746DBF6970E1EEB75317D759CD73723F65B01A"}},"super_mac":"78D988190804444FB61855553C495C4E41FE5CCED6CD634591B0BB71E2F7D142"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://homepage-web.com/?s=acer&m=start

*************************

AdwCleaner[R0].txt - [10695 Bytes] - [14/07/2015 14:23:59]
AdwCleaner[S0].txt - [4545 Bytes] - [14/07/2015 14:25:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4604  Bytes] ##########
         
Junkware
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Windows 8.1 Connected x64
Ran by mar-sch on 14.07.2015 at 14:37:53,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\mar-sch\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.07.2015 at 14:42:20,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and the new FRST
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by mar-sch (administrator) on MARSCH on 14-07-2015 14:45:34
Running from C:\Users\mar-sch\Desktop
Loaded Profiles: mar-sch (Available Profiles: mar-sch)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55

FireFox:
========
FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome: 
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Facebook Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeeghhhohhefmlmbpmkcdndgebpfkf [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09]
CHR Extension: (YouTube) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09]
CHR Extension: (Google Search) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2015-03-09]
CHR Extension: (Google Sheets) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-03-09]
CHR Extension: (Avira Browser Safety) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Avira SafeSearch) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2015-03-09]
CHR Extension: (Session Manager) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2015-03-09]
CHR Extension: (Instagram Video Downloader) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccijgeciailcjildclhbjgakoemgjjg [2015-06-23]
CHR Extension: (Gmail) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
S2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 14:42 - 2015-07-14 14:42 - 00001068 _____ C:\Users\mar-sch\Desktop\JRT.txt
2015-07-14 14:38 - 2015-07-14 14:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARSCH-Windows-8.1-Connected-(64-bit).dat
2015-07-14 14:38 - 2015-07-14 14:38 - 00000000 ____D C:\RegBackup
2015-07-14 14:35 - 2015-07-14 14:35 - 00004692 _____ C:\Users\mar-sch\Desktop\AdwCleaner[S0].txt
2015-07-14 14:23 - 2015-07-14 14:34 - 00000000 ____D C:\AdwCleaner
2015-07-14 14:20 - 2015-07-14 14:20 - 03034266 _____ (Malwarebytes Corporation) C:\Users\mar-sch\Desktop\JRT.exe
2015-07-14 14:18 - 2015-07-14 14:18 - 02248704 _____ C:\Users\mar-sch\Desktop\AdwCleaner_4.208.exe
2015-07-14 13:37 - 2015-07-13 23:22 - 00009636 _____ C:\Users\mar-sch\Documents\Unbenannt%201.odt_0.odt
2015-07-14 13:08 - 2015-07-14 13:08 - 00002231 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 13:08 - 2015-07-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-14 13:07 - 2015-07-14 14:33 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 13:07 - 2015-07-14 14:18 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 13:07 - 2015-07-14 13:13 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 13:04 - 2015-07-14 13:04 - 00000000 __SHD C:\Users\mar-sch\AppData\Local\EmieBrowserModeList
2015-07-13 23:07 - 2015-07-13 23:07 - 00000094 ____H C:\Users\mar-sch\Desktop\.~lock.Unbenannt 1.odt#
2015-07-13 22:48 - 2015-07-13 22:48 - 00000601 _____ C:\Users\mar-sch\Desktop\AVSCAN-20150713-090713-6C9DE0FD - Verknüpfung.lnk
2015-07-13 22:11 - 2015-07-13 22:11 - 00005601 _____ C:\Users\mar-sch\Desktop\Gmer.txt
2015-07-13 20:32 - 2015-07-13 20:32 - 00002700 _____ C:\Users\mar-sch\Desktop\malwarebytes.txt
2015-07-13 19:55 - 2015-07-14 14:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 19:54 - 2015-07-13 19:54 - 00001078 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-13 19:54 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 19:51 - 2015-07-13 19:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\mar-sch\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-13 19:46 - 2015-07-13 19:46 - 00380416 _____ C:\Users\mar-sch\Desktop\Gmer-19357.exe
2015-07-13 12:27 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\Desktop\AVSCAN-20150713-090713-6C9DE0FD.LOG
2015-07-13 12:26 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\AVSCAN-20150713-090713-6C9DE0FD.LOG
2015-07-12 22:53 - 2015-07-12 22:54 - 00027844 _____ C:\Users\mar-sch\Desktop\Addition.txt
2015-07-12 22:51 - 2015-07-14 14:45 - 00015588 _____ C:\Users\mar-sch\Desktop\FRST.txt
2015-07-12 22:50 - 2015-07-14 14:45 - 00000000 ____D C:\FRST
2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe
2015-07-12 22:48 - 2015-07-12 22:48 - 00000476 _____ C:\Users\mar-sch\Desktop\defogger_disable.log
2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable
2015-07-12 22:47 - 2015-07-12 22:47 - 00009573 _____ C:\Users\mar-sch\Desktop\Unbenannt 1.odt
2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db
2015-07-12 22:45 - 2015-07-12 22:45 - 00050477 _____ C:\Users\mar-sch\Desktop\Defogger.exe
2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache
2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek
2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre
2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2
2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi
2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-27 12:59 - 2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe
2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar
2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe
2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 14:38 - 2015-03-09 18:17 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001
2015-07-14 14:36 - 2014-10-27 16:51 - 01060345 _____ C:\Windows\WindowsUpdate.log
2015-07-14 14:28 - 2015-03-15 10:34 - 00006062 _____ C:\Windows\setupact.log
2015-07-14 14:28 - 2015-03-15 10:33 - 00242698 _____ C:\Windows\PFRO.log
2015-07-14 14:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 14:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-14 13:13 - 2015-03-09 18:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 13:08 - 2015-03-09 18:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-14 13:07 - 2015-03-09 18:30 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Deployment
2015-07-13 12:26 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch
2015-07-10 17:52 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat
2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat
2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-27 13:25 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-23 19:42 - 2015-03-09 18:23 - 00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps
2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\mar-sch\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe
C:\Users\mar-sch\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\mar-sch\AppData\Local\Temp\mccspuninstall.exe
C:\Users\mar-sch\AppData\Local\Temp\Quarantine.exe
C:\Users\mar-sch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 17:56

==================== End of log ============================
         
--- --- ---
__________________

Alt 15.07.2015, 08:42   #4
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 15.07.2015, 15:06   #5
paralysis
 



Hello schrauber,

here are the requested files.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aee1e1b56d48a647a4c119defd4d55cf
# end=init
# utc_time=2015-07-15 11:13:06
# local_time=2015-07-15 01:13:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24809
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aee1e1b56d48a647a4c119defd4d55cf
# end=updated
# utc_time=2015-07-15 11:17:55
# local_time=2015-07-15 01:17:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=aee1e1b56d48a647a4c119defd4d55cf
# engine=24809
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-15 12:52:02
# local_time=2015-07-15 02:52:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10640787 41781490 0 0
# scanned=212060
# found=0
# cleaned=0
# scan_time=5646
         

Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus    
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Mozilla Thunderbird (38.0.1) 
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by mar-sch (administrator) on MARSCH on 15-07-2015 15:23:58
Running from C:\Users\mar-sch\Desktop
Loaded Profiles: mar-sch (Available Profiles: mar-sch)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55

FireFox:
========
FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome: 
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
S2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 15:23 - 2015-07-15 15:24 - 00014329 _____ C:\Users\mar-sch\Desktop\FRST.txt
2015-07-15 15:23 - 2015-07-15 15:23 - 00000855 _____ C:\Users\mar-sch\Desktop\checkup.txt
2015-07-15 13:08 - 2015-07-15 13:08 - 00852662 _____ C:\Users\mar-sch\Desktop\SecurityCheck.exe
2015-07-15 13:07 - 2015-07-15 13:07 - 02870984 _____ (ESET) C:\Users\mar-sch\Desktop\esetsmartinstaller_deu.exe
2015-07-14 18:34 - 2015-07-15 15:23 - 00000000 ____D C:\Users\mar-sch\Desktop\Neuer Ordner
2015-07-14 14:38 - 2015-07-14 14:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARSCH-Windows-8.1-Connected-(64-bit).dat
2015-07-14 14:38 - 2015-07-14 14:38 - 00000000 ____D C:\RegBackup
2015-07-14 14:23 - 2015-07-14 14:35 - 00000000 ____D C:\AdwCleaner
2015-07-14 13:37 - 2015-07-13 23:22 - 00009636 _____ C:\Users\mar-sch\Documents\Unbenannt%201.odt_0.odt
2015-07-14 13:08 - 2015-07-14 18:24 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 13:08 - 2015-07-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-14 13:07 - 2015-07-15 15:18 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 13:07 - 2015-07-15 13:18 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 13:07 - 2015-07-14 13:13 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 13:04 - 2015-07-14 13:04 - 00000000 __SHD C:\Users\mar-sch\AppData\Local\EmieBrowserModeList
2015-07-13 23:07 - 2015-07-13 23:07 - 00000094 ____H C:\Users\mar-sch\Desktop\.~lock.Unbenannt 1.odt#
2015-07-13 19:55 - 2015-07-14 14:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-13 19:54 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 12:26 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\AVSCAN-20150713-090713-6C9DE0FD.LOG
2015-07-12 22:50 - 2015-07-15 15:24 - 00000000 ____D C:\FRST
2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe
2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable
2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db
2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache
2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek
2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre
2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2
2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi
2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-27 12:59 - 2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe
2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar
2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe
2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 15:13 - 2014-10-27 16:51 - 01314534 _____ C:\Windows\WindowsUpdate.log
2015-07-15 15:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-15 14:59 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-14 18:46 - 2015-03-09 18:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001
2015-07-14 14:28 - 2015-03-15 10:34 - 00006062 _____ C:\Windows\setupact.log
2015-07-14 14:28 - 2015-03-15 10:33 - 00242698 _____ C:\Windows\PFRO.log
2015-07-14 14:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 13:13 - 2015-03-09 18:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 13:08 - 2015-03-09 18:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-14 13:07 - 2015-03-09 18:30 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Deployment
2015-07-13 12:26 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch
2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat
2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat
2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-27 13:25 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-23 19:42 - 2015-03-09 18:23 - 00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps
2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\mar-sch\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe
C:\Users\mar-sch\AppData\Local\Temp\Intel_Technology_Access_Software.exe
C:\Users\mar-sch\AppData\Local\Temp\mccspuninstall.exe
C:\Users\mar-sch\AppData\Local\Temp\Quarantine.exe
C:\Users\mar-sch\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 17:56

==================== End of log ============================
         
--- --- ---


After the first runs of AdwCleaner and Junkware Removal the problems were fixed. Since then no windows have opened on their own. Thanks again for your help.


Alt 16.07.2015, 07:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Do you have anything to do with the USA? There is still an IP there that leads to Illinois.

Alt 16.07.2015, 08:23   #7
paralysis
 



Hello schrauber,

I have nothing to do with the USA. I wouldn't know where it comes from.

Alt 16.07.2015, 10:09   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55
Emptytemp:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
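
The review step that led to the fixlist above (spotting a name-server entry that does not belong to the local network) can be automated over the `Tcpip` lines of an FRST log. This is an added example, not part of the thread and not FRST's own code; the function names, the `trusted` allowlist and the handling of `[NameServer]` lines are assumptions made for the illustration.

```python
import ipaddress
import re

# Tcpip lines copied from the "Internet" section of the FRST log posted in this thread.
FRST_TCPIP_LINES = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5D553A61-A212-4B41-B703-8CB441E907F6}: [DhcpNameServer] 40.30.1.55
"""

# Matches e.g.  Tcpip\..\Interfaces\{GUID}: [DhcpNameServer] 40.30.1.55
# Assumption: statically configured resolvers appear the same way as [NameServer].
TCPIP_RE = re.compile(
    r"^Tcpip\\(?P<scope>.+?): \[(?P<name>(?:Dhcp)?NameServer)\] (?P<servers>.+)$"
)


def parse_tcpip_entries(log_text):
    """Return one dict per Tcpip name-server line found in an FRST log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = TCPIP_RE.match(line)
        if match is None:
            continue
        # The value may hold several addresses, separated by spaces or commas.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        entries.append({
            "line": line,                 # original log line, kept for the analyst
            "scope": match.group("scope"),
            "name": match.group("name"),
            "servers": servers,
        })
    return entries


def classify_server(server, trusted_networks):
    """Classify one resolver as 'trusted', 'local', 'public' or 'unparsable'."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparsable"
    if any(ip in net for net in trusted_networks):
        return "trusted"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "public"


def review_resolvers(log_text, trusted=()):
    """List (log line, server, verdict) for every resolver that needs a human look.

    `trusted` takes addresses or CIDR ranges the owner recognises, for example
    the resolvers of their own ISP; those are not reported.
    """
    trusted_networks = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for entry in parse_tcpip_entries(log_text):
        for server in entry["servers"]:
            verdict = classify_server(server, trusted_networks)
            if verdict in ("public", "unparsable"):
                findings.append((entry["line"], server, verdict))
    return findings


if __name__ == "__main__":
    for line, server, verdict in review_resolvers(FRST_TCPIP_LINES):
        print(f"{verdict:10} {server:15} <- {line}")
```

A "public" verdict only means the resolver lies outside the private address ranges; whether it belongs there is still the owner's call, which is the question asked in the thread before the entry was put into the fixlist.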

Alt 16.07.2015, 11:41   #9
paralysis
 



Here is the new FRST log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by mar-sch (administrator) on MARSCH on 16-07-2015 11:47:19
Running from C:\Users\mar-sch\Desktop
Loaded Profiles: mar-sch (Available Profiles: mar-sch)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-11-04] (CyberLink Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3876264268-1847270997-196456751-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe [1125376 2014-11-11] (Polar Electro Oy)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3876264268-1847270997-196456751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2013-08-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2172CD39-17EB-428D-9F2B-92DC852BB964}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2013-08-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\mar-sch\AppData\Roaming\Mozilla\Firefox\Profiles\XFZFlE0P.default\Extensions\abs@avira.com [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-11]

Chrome: 
=======
CHR Profile: C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\mar-sch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-08-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-17] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-17] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [121616 2013-09-30] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-17] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [70752 2013-09-17] (Intel Corporation)
S3 DptfDevDram; C:\Windows\System32\drivers\DptfDevDram.sys [145640 2013-09-17] (Intel Corporation)
S3 DptfDevFan; C:\Windows\System32\drivers\DptfDevFan.sys [50640 2013-09-17] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [78504 2013-09-17] (Intel Corporation)
S3 DptfDevPch; C:\Windows\System32\drivers\DptfDevPch.sys [116752 2013-09-17] (Intel Corporation)
S3 DptfDevPower; C:\Windows\System32\drivers\DptfDevPower.sys [71808 2013-09-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-17] (Intel Corporation)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-12-10] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-11-04] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 11:47 - 2015-07-16 11:47 - 00015206 _____ C:\Users\mar-sch\Desktop\FRST.txt
2015-07-15 15:25 - 2015-07-15 15:26 - 00034294 _____ C:\Users\mar-sch\Desktop\Addition.txt
2015-07-14 18:34 - 2015-07-16 11:41 - 00000000 ____D C:\Users\mar-sch\Desktop\Neuer Ordner
2015-07-14 14:38 - 2015-07-14 14:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARSCH-Windows-8.1-Connected-(64-bit).dat
2015-07-14 14:38 - 2015-07-14 14:38 - 00000000 ____D C:\RegBackup
2015-07-14 14:23 - 2015-07-14 14:35 - 00000000 ____D C:\AdwCleaner
2015-07-14 13:37 - 2015-07-13 23:22 - 00009636 _____ C:\Users\mar-sch\Documents\Unbenannt%201.odt_0.odt
2015-07-14 13:08 - 2015-07-14 18:24 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 13:08 - 2015-07-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-14 13:07 - 2015-07-16 11:45 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 13:07 - 2015-07-16 11:24 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 13:07 - 2015-07-16 09:19 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 13:04 - 2015-07-14 13:04 - 00000000 __SHD C:\Users\mar-sch\AppData\Local\EmieBrowserModeList
2015-07-13 23:07 - 2015-07-13 23:07 - 00000094 ____H C:\Users\mar-sch\Desktop\.~lock.Unbenannt 1.odt#
2015-07-13 19:55 - 2015-07-14 14:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 19:54 - 2015-07-13 19:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-13 19:54 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 19:54 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 12:26 - 2015-07-13 12:26 - 00054058 _____ C:\Users\mar-sch\AVSCAN-20150713-090713-6C9DE0FD.LOG
2015-07-12 22:50 - 2015-07-16 11:47 - 00000000 ____D C:\FRST
2015-07-12 22:49 - 2015-07-12 22:49 - 02133504 _____ (Farbar) C:\Users\mar-sch\Desktop\FRST64.exe
2015-07-12 22:48 - 2015-07-12 22:48 - 00000000 _____ C:\Users\mar-sch\defogger_reenable
2015-07-12 22:47 - 2015-07-12 22:47 - 00007168 ___SH C:\Users\mar-sch\Desktop\Thumbs.db
2015-06-27 17:27 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Local\calibre-cache
2015-06-27 17:20 - 2015-06-28 22:04 - 00000000 ____D C:\Users\mar-sch\Documents\Calibre-Bibliothek
2015-06-27 17:19 - 2015-06-27 17:27 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\calibre
2015-06-27 17:14 - 2015-06-27 17:14 - 00000946 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-06-27 17:13 - 2015-06-27 17:14 - 00000000 ____D C:\Program Files\Calibre2
2015-06-27 17:11 - 2015-06-27 17:12 - 70533120 _____ C:\Users\mar-sch\Downloads\calibre-64bit-2.31.0.msi
2015-06-27 13:00 - 2015-06-27 13:00 - 00000984 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Users\mar-sch\AppData\Local\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2015-06-27 13:00 - 2015-06-27 13:00 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-06-27 12:59 - 2015-06-27 12:59 - 23460232 _____ (TomTom International B.V.) C:\Users\mar-sch\Downloads\InstallMyDriveConnect.exe
2015-06-23 19:43 - 2015-06-23 19:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 19:34 - 2015-06-23 19:34 - 00001135 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\ProgramData\Apple
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files\Bonjour
2015-06-23 19:34 - 2015-06-23 19:34 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-23 19:33 - 2015-06-23 19:33 - 00000000 ____D C:\Program Files (x86)\Polar
2015-06-23 19:31 - 2015-06-23 19:31 - 21743168 _____ (Polar Electro Oy ) C:\Users\mar-sch\Downloads\FlowSync_2.3.8.exe
2015-06-22 19:57 - 2015-06-22 19:57 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00001173 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Roaming\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Thunderbird
2015-06-22 19:57 - 2015-06-22 19:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-22 19:55 - 2015-06-22 19:55 - 33850016 _____ (Mozilla) C:\Users\mar-sch\Downloads\Thunderbird Setup 38.0.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 11:44 - 2015-03-15 10:34 - 00006178 _____ C:\Windows\setupact.log
2015-07-16 11:44 - 2015-03-15 10:33 - 00243532 _____ C:\Windows\PFRO.log
2015-07-16 11:44 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 11:44 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-16 11:43 - 2014-10-27 16:51 - 01395573 _____ C:\Windows\WindowsUpdate.log
2015-07-16 11:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-16 09:19 - 2015-03-09 18:31 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 14:59 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-14 18:46 - 2015-03-09 18:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3876264268-1847270997-196456751-1001
2015-07-14 13:08 - 2015-03-09 18:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-14 13:07 - 2015-03-09 18:30 - 00000000 ____D C:\Users\mar-sch\AppData\Local\Deployment
2015-07-13 12:26 - 2015-03-09 18:11 - 00000000 ____D C:\Users\mar-sch
2015-07-09 18:47 - 2015-03-09 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-09 18:47 - 2015-03-09 18:41 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-09 18:47 - 2014-08-11 19:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-08 19:09 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-28 21:46 - 2014-10-27 23:33 - 00767130 _____ C:\Windows\system32\perfh007.dat
2015-06-28 21:46 - 2014-10-27 23:33 - 00160216 _____ C:\Windows\system32\perfc007.dat
2015-06-28 21:46 - 2014-03-18 11:47 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 19:42 - 2015-03-09 18:23 - 00000000 ____D C:\Users\mar-sch\AppData\Local\CrashDumps
2015-06-22 20:47 - 2015-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-22 20:47 - 2015-03-09 18:41 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 20:33 - 2015-03-09 18:48 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 20:33 - 2015-03-09 18:48 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Files in the root of some directories =======

2014-10-27 15:58 - 2014-10-27 15:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\mar-sch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 17:56

==================== End of log ============================
         
--- --- ---

17.07.2015, 07:16   #10
schrauber
/// the machine
/// TB-Ausbilder
 


Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.


Hardening:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be kept at its latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a mere visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) on all websites. However, you can define, on a whitelist basis, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly, and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
