Unwanted pop-up


This topic is locked
5 replies to this topic

#1 fredtrumper

  • Members
  • 3 posts
  • OFFLINE
  • Local time: 04:56 AM

Posted 26 February 2017 - 08:41 AM

Hi there,

Yesterday on my laptop computer with Windows 10 operating system there appeared a pop-up with some photo. I closed it and did not save any information about it, but later thought I need to do something about it. So I am here and ask for help.

Thank you


Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
durchgeführt von wintermeyer (Administrator) auf NB-WINTERM-W10 (26-02-2017 14:28:26)
Gestartet von C:\Users\wintermeyer\Desktop
Geladene Profile: wintermeyer & ntp (Verfügbare Profile: wintermeyer & ntp)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\igfxCUIService.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\NTP\bin\ntpd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\igfxEM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\IntelCpHeciSvc.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [555688 2015-09-24] (Lenovo.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-11-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [526648 2016-11-07] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2016-11-07] (Citrix Systems, Inc.)
HKU\S-1-5-21-2914276063-319496642-2830029081-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
Startup: C:\Users\wintermeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk [2017-01-08]
ShortcutTarget: Pidgin.lnk -> C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
GroupPolicy: Beschränkung <======= ACHTUNG
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-2914276063-319496642-2830029081-1001] => http://proxy.hq.kwsoft.de:3128
Tcpip\..\Interfaces\{af42a7b0-8890-43b9-804f-825270337fba}: [DhcpNameServer] 10.1.3.1 10.1.3.2
Tcpip\..\Interfaces\{bf146a1e-6513-42b2-bca0-7938be47baca}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{f5740f76-5aac-445d-9d06-d3371992a00f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2914276063-319496642-2830029081-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kwsoft.de/
HKU\S-1-5-21-2914276063-319496642-2830029081-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-2914276063-319496642-2830029081-1001 -> DefaultScope {CCD9EE75-F442-4176-A270-BCE8C157CFF9} URL =
SearchScopes: HKU\S-1-5-21-2914276063-319496642-2830029081-1001 -> {CCD9EE75-F442-4176-A270-BCE8C157CFF9} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-01-26] (Microsoft Corporation)
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-01-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-31] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-31] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-01-26] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 0s5q0eg0.default
FF ProfilePath: C:\Users\wintermeyer\AppData\Roaming\Mozilla\Firefox\Profiles\0s5q0eg0.default [2017-02-26]
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> backup.ftp", "proxy"
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> backup.socks", "proxy"
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> backup.ssl", "proxy"
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> ftp", "proxy"
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> http", "proxy"
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> socks", "proxy"
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> ssl", "proxy"
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\0s5q0eg0.default -> type", 0
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\wintermeyer\AppData\Roaming\Mozilla\Firefox\Profiles\0s5q0eg0.default\Extensions\2020Player_IKEA@2020Technologies.com [2017-02-04]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\wintermeyer\AppData\Roaming\Mozilla\Firefox\Profiles\0s5q0eg0.default\features\{c2663f2d-a14a-4710-a58f-6e4a2a220e2a}\disableSHA1rollout@mozilla.org.xpi [2017-02-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-10] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2017-01-26] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [105256 2016-05-19] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\IntelCpHeciSvc.exe [284144 2017-01-09] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\IntelCpHDCPSvc.exe [462832 2017-01-09] (Intel Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [Datei ist nicht signiert]
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-23] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\igfxCUIService.exe [324592 2017-01-09] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61768 2017-02-15] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-02-25] (Intel Corporation)
R2 Lenovo Instant On; C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe [3123728 2016-07-20] (Lenovo Group Limited)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [711256 2016-11-01] (Lenovo.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 NTP; C:\Program Files (x86)\NTP\bin\ntpd.exe [636112 2016-11-22] ()
R2 SAService; C:\WINDOWS\system32\SAsrv.exe [409088 2016-07-27] (Conexant Systems, Inc.) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SSSvc; C:\Program Files (x86)\SmartSense\SSSvc.exe [124744 2016-07-05] (Lenovo)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] ()
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [86544 2016-10-21] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [56848 2016-10-21] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 svnserver; "C:\mExpress\m\svnportable\SVN\svnserve.exe" --service -r "C:\mExpress\m\svnportable\REPOS"

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309114.inf_amd64_9133a0f6cb9c56bb\atikmdag.sys [26569872 2016-11-28] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309114.inf_amd64_9133a0f6cb9c56bb\atikmpag.sys [529440 2016-11-28] (Advanced Micro Devices, Inc.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [551920 2016-10-09] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-27] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\ki120202.inf_amd64_d26b331c212b3353\igdkmd64.sys [11039704 2017-01-09] (Intel Corporation)
R1 InstantOn; C:\Program Files\Lenovo\InstantOn\InstantOn.sys [25856 2015-10-14] (Lenovo Group Limited)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7231248 2016-06-17] (Intel Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [754392 2015-07-16] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3130112 2016-07-12] (Realtek Semiconductor Corp.)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [40176 2016-10-21] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-09-06] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-26 14:28 - 2017-02-26 14:28 - 00026094 ____X C:\Users\wintermeyer\Desktop\FRST.txt
2017-02-26 14:27 - 2017-02-26 14:28 - 00000000 ____D C:\FRST
2017-02-26 14:26 - 2017-02-26 14:27 - 02423296 _____ (Farbar) C:\Users\wintermeyer\Desktop\FRST64.exe
2017-02-26 10:21 - 2017-02-26 10:21 - 00000000 ____D C:\Users\wintermeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2017-02-24 12:00 - 2017-02-24 12:00 - 00000000 ____D C:\Users\winter\AppData\Roaming\TeamViewer
2017-02-24 09:57 - 2017-02-24 09:57 - 00000000 ____D C:\Users\winter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2017-02-23 16:54 - 2017-02-23 16:54 - 841354647 _____ C:\WINDOWS\MEMORY.DMP
2017-02-23 16:54 - 2017-02-23 16:54 - 00730412 _____ C:\WINDOWS\Minidump\022317-8250-01.dmp
2017-02-23 16:50 - 2017-02-23 16:50 - 00000165 ___HX C:\Users\wintermeyer\Desktop\~$Wohnungskalkulation.xlsx
2017-02-22 14:59 - 2017-02-23 17:07 - 00012710 _____ C:\Users\wintermeyer\Desktop\Wohnungskalkulation.xlsx
2017-02-21 22:35 - 2017-02-23 16:54 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-20 10:36 - 2017-01-09 16:29 - 00822248 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2017-02-15 20:26 - 2017-02-15 20:26 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-02-10 17:23 - 2017-02-10 18:17 - 00000000 _SHDX C:\Users\wintermeyer\Documents\cache
2017-02-10 17:23 - 2017-02-10 17:23 - 00490770 _____ C:\Users\wintermeyer\AppData\LocalLow\Pre57CA.tmp
2017-02-10 17:23 - 2017-02-10 17:23 - 00293860 _____ C:\Users\wintermeyer\AppData\LocalLow\Pre5B65.tmp
2017-02-10 17:23 - 2017-02-10 17:23 - 00190960 _____ C:\Users\wintermeyer\AppData\LocalLow\Pre55E5.tmp
2017-02-10 16:21 - 2017-02-10 16:21 - 00000000 ____D C:\Users\wintermeyer\AppData\Local\Macromedia
2017-02-10 11:08 - 2017-02-10 11:08 - 00000000 ____D C:\Users\winter\AppData\Local\Macromedia
2017-02-09 12:33 - 2017-02-09 12:32 - 00325132 _____ C:\Users\winter\Downloads\20160929 OneText TextPool Nutzung & Staging.pdf
2017-02-09 09:37 - 2017-02-09 09:37 - 00000000 ____D C:\Users\winter\AppData\Roaming\Macromedia
2017-02-08 13:21 - 2017-01-31 10:24 - 00025193 ____X C:\Users\wintermeyer\Desktop\Performance test PNW 25-27.1.odt
2017-02-08 13:21 - 2017-01-31 10:24 - 00018915 ____X C:\Users\wintermeyer\Desktop\Performance test PNW 25-27.1 results.ods
2017-02-08 09:06 - 2017-02-08 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-05 13:57 - 2017-02-05 13:58 - 00000000 ___DX C:\Users\wintermeyer\Desktop\Küche
2017-02-05 11:45 - 2017-02-05 11:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-05 11:45 - 2017-02-05 11:45 - 00000000 ____D C:\Users\wintermeyer\Tracing
2017-02-05 11:45 - 2017-02-05 11:45 - 00000000 ____D C:\ProgramData\Skype
2017-02-05 11:45 - 2017-02-05 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-03 11:18 - 2017-02-03 11:18 - 00000000 ____D C:\ProgramData\T-Com
2017-02-03 11:18 - 2017-02-03 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetPhone
2017-02-03 11:18 - 2017-02-03 11:18 - 00000000 ____D C:\Program Files (x86)\NetPhone Client
2017-02-03 09:48 - 2017-02-03 09:48 - 00083230 _____ C:\Users\winter\Desktop\Zahlungsreklamation_Kreditkarte_1822direkt.pdf
2017-02-03 09:38 - 2017-02-03 09:38 - 00041504 _____ C:\Users\winter\Desktop\Kreditkartenabrechnung_201701-1.pdf
2017-02-03 09:08 - 2017-02-24 09:57 - 00000000 ___RD C:\Users\winter\Dropbox
2017-02-03 08:49 - 2017-02-24 15:01 - 00000000 ____D C:\Users\winter\AppData\Local\Citrix
2017-02-03 08:49 - 2017-02-24 12:48 - 00000000 ____D C:\Users\winter\AppData\Roaming\ICAClient
2017-02-01 18:16 - 2017-02-23 14:53 - 00000000 ____D C:\Users\wintermeyer\AppData\Local\Citrix
2017-02-01 18:16 - 2017-02-21 10:53 - 00000000 ____D C:\Users\wintermeyer\AppData\Roaming\ICAClient
2017-02-01 18:16 - 2017-02-01 18:16 - 00001642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2017-02-01 18:16 - 2017-02-01 18:16 - 00000000 ____D C:\ProgramData\Citrix
2017-02-01 18:16 - 2017-02-01 18:16 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-02-01 18:16 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-02-01 10:38 - 2017-01-09 16:29 - 00141312 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2017-02-01 10:38 - 2017-01-09 16:29 - 00112136 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2017-02-01 10:38 - 2017-01-09 16:29 - 00101376 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2017-02-01 10:37 - 2017-02-01 10:37 - 00000000 ____D C:\Users\wintermeyer\AppData\Local\Tvsukernel
2017-02-01 10:35 - 2017-02-01 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-02-01 10:35 - 2017-02-01 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-01-31 11:00 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-31 11:00 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-26 13:19 - 2016-12-23 14:36 - 00000000 ___RD C:\Users\wintermeyer\Dropbox
2017-02-26 13:19 - 2016-12-08 16:40 - 00000000 ____D C:\Users\wintermeyer\AppData\LocalLow\Mozilla
2017-02-26 13:12 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-26 12:44 - 2016-12-12 14:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-26 10:26 - 2016-12-08 15:35 - 00137919 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-02-26 10:26 - 2016-07-16 23:51 - 02451248 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-26 10:26 - 2016-07-16 23:51 - 00634938 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-26 10:26 - 2015-11-03 20:28 - 05060016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-26 10:25 - 2017-01-09 12:09 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{86934026-4AE1-411B-B8FD-4A53BF4B4DD9}
2017-02-26 10:21 - 2016-12-23 14:27 - 00000000 ____D C:\Users\wintermeyer\AppData\Roaming\.purple
2017-02-26 10:21 - 2016-12-07 12:47 - 00000000 __SHD C:\Users\wintermeyer\IntelGraphicsProfiles
2017-02-26 10:19 - 2016-12-12 15:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-26 10:19 - 2016-12-12 14:55 - 00000000 ____D C:\ProgramData\Synaptics
2017-02-26 10:19 - 2016-12-08 18:34 - 00000000 ____D C:\ProgramData\VMware
2017-02-25 18:27 - 2016-12-12 14:53 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-25 18:27 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 18:07 - 2016-12-08 18:40 - 00000000 ____D C:\Users\wintermeyer\AppData\Local\VMware
2017-02-25 17:27 - 2016-12-08 18:40 - 00000000 ____D C:\Users\wintermeyer\AppData\Roaming\VMware
2017-02-25 13:03 - 2016-12-21 16:54 - 00000000 ____D C:\Users\winter
2017-02-25 12:41 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 15:02 - 2016-12-21 16:58 - 00000000 ____D C:\Users\winter\AppData\LocalLow\Mozilla
2017-02-24 14:27 - 2016-12-23 14:24 - 00000000 ____D C:\Users\winter\AppData\Roaming\.purple
2017-02-24 13:41 - 2016-12-08 15:32 - 00000120 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-02-24 11:00 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 10:29 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-24 10:00 - 2016-12-28 12:48 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E519CEA3-AA7E-4EB7-BCAC-91355BE7A298}
2017-02-24 09:57 - 2016-12-21 16:55 - 00000000 __SHD C:\Users\winter\IntelGraphicsProfiles
2017-02-24 09:57 - 2016-12-21 16:55 - 00000000 ____D C:\Users\winter\AppData\Local\Packages
2017-02-23 17:09 - 2016-12-12 14:56 - 00000000 ____D C:\Users\wintermeyer
2017-02-23 17:09 - 2016-12-12 14:56 - 00000000 ____D C:\Users\ntp
2017-02-23 16:58 - 2016-12-08 16:42 - 00000000 ____D C:\Users\wintermeyer\AppData\Local\Microsoft Help
2017-02-22 08:58 - 2016-12-07 12:47 - 00000000 ____D C:\Users\wintermeyer\AppData\Local\Packages
2017-02-21 22:35 - 2016-08-13 20:41 - 01343415 ____N C:\WINDOWS\Minidump\022117-7140-01.dmp
2017-02-21 22:35 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-21 19:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-14 10:18 - 2016-12-23 11:16 - 00000000 ____D C:\Users\wintermeyer\.kwsoft
2017-02-10 18:17 - 2017-01-09 16:00 - 00000000 ____D C:\Users\wintermeyer\AppData\LocalLow\WebEx
2017-02-10 17:23 - 2017-01-09 17:16 - 00000000 ____D C:\Users\wintermeyer\AppData\Roaming\webex
2017-02-10 17:23 - 2017-01-09 16:00 - 00000000 ____D C:\ProgramData\WebEx
2017-02-10 11:03 - 2016-12-27 10:29 - 00000000 ____D C:\Users\winter\AppData\Local\Adobe
2017-02-10 11:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-10 11:02 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-09 09:56 - 2016-12-08 15:42 - 00023851 __RSH C:\ProgramData\ntuser.pol
2017-02-09 09:44 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-08 09:06 - 2016-12-23 14:33 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-05 12:57 - 2016-12-07 12:50 - 00000000 ____D C:\Users\wintermeyer\AppData\Roaming\Skype
2017-02-03 09:08 - 2016-12-27 08:56 - 00000000 ____D C:\Users\winter\AppData\Local\Dropbox
2017-02-01 10:39 - 2016-12-13 11:12 - 00000000 ____D C:\Intel
2017-02-01 10:36 - 2016-08-14 06:30 - 00000000 ____D C:\ProgramData\Lenovo
2017-02-01 10:36 - 2016-08-13 20:55 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-02-01 10:35 - 2016-12-12 15:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-02-01 09:15 - 2016-12-07 12:47 - 00000000 ____D C:\Users\wintermeyer\AppData\Roaming\Adobe
2017-01-31 11:01 - 2016-12-08 16:40 - 00000000 ____D C:\ProgramData\Oracle
2017-01-31 08:40 - 2016-12-27 15:05 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-31 08:40 - 2016-12-27 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-31 08:40 - 2016-12-27 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-31 08:40 - 2016-12-08 16:40 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-31 08:29 - 2016-12-23 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-31 08:29 - 2016-12-08 16:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 08:29 - 2016-12-08 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 08:22 - 2016-12-07 12:50 - 00002408 _____ C:\Users\wintermeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 08:22 - 2016-12-07 12:50 - 00000000 ___RD C:\Users\wintermeyer\OneDrive

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-12-12 14:54 - 2016-12-12 14:54 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-08-13 22:35 - 2016-08-13 22:35 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2016-08-13 22:33 - 2016-08-13 22:34 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2016-08-13 22:34 - 2016-08-13 22:35 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2016-08-13 22:35 - 2016-08-13 22:35 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Einige Dateien in TEMP:
====================
2016-12-28 11:07 - 2016-12-28 11:07 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-2545966760650095913.dll
2016-12-27 15:25 - 2016-12-27 15:26 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-2912223432220101593.dll
2016-12-27 09:34 - 2016-12-27 09:34 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-41192768950017427.dll
2016-12-27 12:09 - 2016-12-27 12:09 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-5188580550646134306.dll
2016-12-28 10:57 - 2016-12-28 10:57 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-5243110492190375913.dll
2016-12-28 11:43 - 2016-12-28 11:43 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-6156255525211926973.dll
2016-12-28 10:09 - 2016-12-28 10:09 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-8103608841205856093.dll
2016-12-27 14:17 - 2016-12-27 14:17 - 0019968 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-64-3286267773679846699.dll
2017-01-20 13:29 - 2012-10-02 12:18 - 0545416 _____ (Microsoft Corporation) C:\Users\winter\AppData\Local\Temp\OfficeSetup.exe
2017-01-31 08:39 - 2017-01-31 08:39 - 0739904 _____ (Oracle Corporation) C:\Users\wintermeyer\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-24 10:24

==================== Ende von FRST.txt ============================

Attached File: Addition.txt (51.43KB)





#2 nasdaq


  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 February 2017 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Beschränkung <======= ACHTUNG
GroupPolicyScripts: Beschränkung <======= ACHTUNG
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
Task: {E4980482-E88B-4E1F-AC60-34957E57A171} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


If the problem persists reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please let me know what problem persists with this computer.
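The fixlist above is built by picking out of the FRST log the entries whose target file is missing (the `[X]` and `Keine Datei` markers) and by looking at what turned up under Temp. As an added example, not code from nasdaq or from FRST, this Python script parses the FRST listing line format seen in the log above and performs that triage automatically; the sample lines are copied from this thread, and the German/English marker strings are assumed from FRST's localized output.

```python
import re

# One FRST listing line: created - modified - size attrs (publisher) path.
# The publisher field is optional; "()" means FRST found no publisher.
LISTING_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Markers FRST prints when a referenced file is missing or an entry needs attention
# (German and English builds; assumed from the output shown in this thread).
ORPHAN_MARKERS = ("[X]", "Keine Datei", "No File", "ACHTUNG", "ATTENTION")

# Constructed sample: lines copied from the FRST log and the fixlist in this thread.
SAMPLE = r"""
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-05 13:57 - 2017-02-05 13:58 - 00000000 ___DX C:\Users\wintermeyer\Desktop\Küche
2016-12-28 11:07 - 2016-12-28 11:07 - 0017408 _____ (Red Hat®, Inc.) C:\Users\winter\AppData\Local\Temp\jansi-32-2545966760650095913.dll
2017-01-20 13:29 - 2012-10-02 12:18 - 0545416 _____ (Microsoft Corporation) C:\Users\winter\AppData\Local\Temp\OfficeSetup.exe
2016-12-12 14:54 - 2016-12-12 14:54 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
GroupPolicy: Beschränkung <======= ACHTUNG
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
S3 dbx; system32\DRIVERS\dbx.sys [X]
""".strip().splitlines()


def parse_listing_line(line):
    """Split one listing line into fields; returns None for lines from other sections."""
    m = LISTING_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"])
    e["is_dir"] = "D" in e["attrs"]        # attribute column: D directory, H hidden, S system
    e["company"] = e["company"] or None    # "()" and a missing field both mean no publisher
    return e


def flag_orphans(lines):
    """Entries whose target is missing or that FRST flagged: the usual fixlist candidates."""
    return [s.strip() for s in lines if any(mk in s for mk in ORPHAN_MARKERS)]


def flag_temp_binaries(lines):
    """Executable code under a Temp folder, with publisher and size for manual review."""
    hits = []
    for line in lines:
        e = parse_listing_line(line)
        if e is None or e["is_dir"]:
            continue
        p = e["path"].lower()
        if "\\temp\\" in p and p.endswith((".exe", ".dll", ".sys", ".scr")):
            hits.append((e["path"], e["company"], e["size"]))
    return hits
```

Run against a full FRST.txt, `flag_orphans` reproduces the `[X]` and `Keine Datei` entries nasdaq put in the fixlist, and `flag_temp_binaries` lists the Temp executables for a publisher check; nothing is removed without a human deciding.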

#3 fredtrumper

  • Topic Starter

  • Members
  • 3 posts

Posted 27 February 2017 - 02:31 PM

Hello nasdaq

 

thank you. I did exactly as you told me. The problem (unwanted pop-up) occurred only once, so I can't really tell if it is solved or not. I will do the Firefox reset and cache clean and hope for the best.

 

Attached you will find the log files.




#4 nasdaq


  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 February 2017 - 08:42 AM

Keep me posted.

#5 nasdaq


  • Malware Response Team
  • 39,179 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 March 2017 - 07:40 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#6 fredtrumper

  • Topic Starter

  • Members
  • 3 posts

Posted 06 March 2017 - 08:31 AM

Nothing was wrong up to now. I will read the guide and do whatever is recommended. Thank you for your help.
