TechSpot

Possible Malware/Adware etc infection?

By Florian
Mar 26, 2016
  1. Good morning to all and Happy Easter!
    I am located in Germany, a Computer semi-literate. Some days ago, I noticed weird behaviour, i.e. while browsing the I-net, lots of windows popped up, asking me to install this or that, fake WINDOWS notifications etc. I have AVAST free version and scanned, found some, quarantined and deleted them, used Super-Anti-Spyware free edition, found some, deleted them. Found Malwarebytes-Antimalware, downloaded it and Mw found some more, deleted it. Everything seemed OK. For two days, I have been noticing that my Notebook is very slow, opening of standard programs such as EXCEL, WORD takes about one minute.

    I read some malware posts on this forum, became a member and downloaded Farbar, JRT.exe, adwcleaner 5.105 and Rogue Killer. But apart from Malwarebytes Anti-Malware, I have only installed Farbar, since I deduced from other posts that running Farbar and posting the two files FRST.txt and Addition.txt is the first step / standard procedure.
    What can / should I do now?
    Any help is greatly appreciated!
    Here is part 1 of FRST.txt. Unfortunately it seems too long as a whole file to post, so I cut it in several parts:


    Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    durchgeführt von Florian Robert (Administrator) auf FLORIAN (26-03-2016 07:24:25)
    Gestartet von C:\Users\Florian Robert\Desktop
    Geladene Profile: Florian Robert (Verfügbare Profile: Florian Robert)
    Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
    Internet Explorer Version 11 (Standard-Browser: FF)
    Start-Modus: Normal
    Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Prozesse (Nicht auf der Ausnahmeliste) =================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
    (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
    (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
    () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
    (Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
    (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
    (Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    (AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe


    ==================== Registry (Nicht auf der Ausnahmeliste) ===========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688984 2013-09-29] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
    HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1409474061\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
    HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
    HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
    HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {6f730b64-3e72-11e4-826a-083e8eee820c} - "D:\LGAutoRun.exe"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775b79-2f9b-11e4-825e-c4544477a64a} - "D:\EasySuite.exe"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775bc4-2f9b-11e4-825e-c4544477a64a} - "E:\EasySuite.exe"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-09] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-03-08]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-08]
    ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

    ==================== Internet (Nicht auf der Ausnahmeliste) ====================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

    Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{04133109-4254-4054-9646-F72C15C37638}: [DhcpNameServer] 192.168.1.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-499248853-3292403601-2203723613-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
    BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
    BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei

    FireFox:
    ========
    FF ProfilePath: C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=22079&r=2015/02/22&hid=13470389669579871766&lg=EN&cc=DE&unqvl=82&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-21] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-21] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-499248853-3292403601-2203723613-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Florian Robert\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
    FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-12-18]
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [ist nicht signiert]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-09]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-09]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]

    ==================== Dienste (Nicht auf der Ausnahmeliste) ========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
    R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [157344 2015-12-03] (Intel(R) Corporation)
    R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [486048 2015-12-03] (Intel(R) Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-01-18] (Acer Incorporate)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-04] (Acer Incorporate)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-04] (Acer Incorporate)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
    R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-01] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-20] (AVAST Software)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2013-09-07] (Broadcom Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-16] (Acer Incorporated)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
    R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
    S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
    S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-16] (Acer Incorporated)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
     
  2. Florian


    Sorry but it seems there is a limit of 50,000 characters per message and my files seem too long for that. Here is part 2 of FRST.txt:

    ==================== Ein Monat: Erstellte Dateien und Ordner ========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

    2016-03-26 07:24 - 2016-03-26 07:25 - 00025905 _____ C:\Users\Florian Robert\Desktop\FRST.txt
    2016-03-26 07:24 - 2016-03-26 07:24 - 00000000 ____D C:\FRST
    2016-03-26 06:32 - 2016-03-26 06:32 - 02374144 _____ (Farbar) C:\Users\Florian Robert\Desktop\FRST64.exe
    2016-03-26 06:10 - 2016-03-26 06:10 - 19655240 _____ C:\Users\Florian Robert\Desktop\RogueKiller.exe
    2016-03-26 05:53 - 2016-03-26 05:53 - 01530368 _____ C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
    2016-03-26 05:45 - 2016-03-26 05:45 - 01610352 _____ (Malwarebytes) C:\Users\Florian Robert\Desktop\JRT.exe
    2016-03-26 05:20 - 2016-03-26 05:20 - 06868672 _____ (Piriform Ltd) C:\Users\Florian Robert\Downloads\ccsetup516.exe
    2016-03-24 04:40 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-03-24 04:40 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-03-24 04:40 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-03-24 04:40 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-03-24 04:40 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-03-24 04:40 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-03-24 04:39 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2016-03-24 04:39 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
    2016-03-24 04:39 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2016-03-24 04:39 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2016-03-24 04:39 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
    2016-03-24 04:39 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2016-03-24 04:39 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2016-03-24 04:39 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
    2016-03-24 04:39 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2016-03-24 04:39 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2016-03-24 04:39 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2016-03-24 04:39 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2016-03-24 04:39 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2016-03-24 04:36 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-03-24 04:36 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-03-24 04:36 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-03-24 04:36 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-03-24 04:36 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2016-03-24 04:36 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-03-24 04:36 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
    2016-03-24 04:36 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2016-03-24 04:36 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-03-24 04:36 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
    2016-03-24 04:36 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
    2016-03-24 04:36 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
    2016-03-24 04:36 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
    2016-03-24 04:36 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
    2016-03-24 04:36 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
    2016-03-24 04:36 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
    2016-03-24 04:36 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-03-24 04:36 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
    2016-03-24 04:36 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
    2016-03-24 04:36 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-03-24 04:36 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
    2016-03-24 04:36 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
    2016-03-24 04:36 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
    2016-03-24 04:36 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
    2016-03-24 04:36 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2016-03-24 04:36 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2016-03-24 04:36 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
    2016-03-24 04:36 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
    2016-03-24 04:36 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
    2016-03-24 04:36 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2016-03-24 04:36 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
    2016-03-24 04:36 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
    2016-03-24 04:36 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
    2016-03-24 04:36 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
    2016-03-24 04:36 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
    2016-03-24 04:36 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2016-03-24 04:36 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2016-03-24 04:36 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2016-03-24 04:33 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
    2016-03-24 04:33 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
    2016-03-24 04:32 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
    2016-03-24 04:32 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
    2016-03-24 04:31 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-03-24 04:31 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-03-24 04:31 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-03-24 04:31 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-03-24 04:31 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-03-24 04:31 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-03-24 04:31 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-03-24 04:31 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2016-03-24 04:31 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2016-03-24 04:31 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2016-03-24 04:31 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2016-03-24 04:31 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2016-03-24 04:31 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2016-03-24 04:31 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2016-03-24 04:31 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2016-03-24 04:31 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2016-03-24 04:31 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2016-03-23 03:50 - 2016-03-23 04:12 - 00003068 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458719394
    2016-03-23 03:50 - 2016-03-23 04:12 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-03-23 03:50 - 2016-03-23 03:50 - 00001057 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-03-23 03:48 - 2016-03-23 03:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-03-22 05:52 - 2016-03-22 05:52 - 00000562 _____ C:\Users\Florian Robert\Downloads\Stealth Trader v2.6.0.msi
    2016-03-12 07:46 - 2016-03-12 07:46 - 00001309 _____ C:\Malewarebytes log 12 March 2016.txt
    2016-03-10 04:38 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-03-10 04:38 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2016-03-10 04:38 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
    2016-03-10 04:38 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2016-03-10 04:38 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
    2016-03-10 04:38 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-03-10 04:38 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-03-10 04:38 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-03-10 04:38 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2016-03-10 04:38 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-03-10 04:38 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-03-10 04:38 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-03-10 04:38 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-03-10 04:38 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-03-10 04:38 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-03-10 04:38 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-03-10 04:38 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-03-10 04:38 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-03-10 04:38 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-03-10 04:38 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-03-10 04:38 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-03-10 04:38 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-03-10 04:38 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-03-10 04:38 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2016-03-10 04:38 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-03-10 04:38 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-03-10 04:38 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-03-10 04:38 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-03-10 04:38 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-03-10 04:38 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-03-10 04:38 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-03-10 04:38 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-03-10 04:38 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2016-03-10 04:38 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-03-10 04:38 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-03-10 04:38 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-03-10 04:38 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-03-10 04:38 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2016-03-10 04:38 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2016-03-10 04:37 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-03-10 04:33 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-03-10 04:33 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-03-10 04:33 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2016-03-10 04:33 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-03-10 04:33 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-03-10 04:33 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-03-10 04:33 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-03-10 04:33 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-03-10 04:33 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-03-10 04:33 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-03-10 04:33 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-03-10 04:33 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-03-10 04:33 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2016-03-10 04:33 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-03-10 04:33 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-03-10 04:33 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-03-10 04:33 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-03-10 04:33 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2016-03-10 04:33 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-03-10 04:33 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-03-10 04:32 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
    2016-03-10 04:32 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
    2016-03-10 04:32 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-03-10 04:32 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-03-10 04:31 - 2016-01-31 15:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2016-03-10 04:30 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-03-10 04:30 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-03-10 04:30 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-03-10 04:30 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-03-10 04:30 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-03-10 04:29 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2016-03-10 04:29 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
    2016-03-09 02:58 - 2016-03-09 02:58 - 00001238 _____ C:\Malewarebytes log 09 March 2016.txt
    2016-03-08 17:17 - 2016-03-08 17:17 - 00001220 _____ C:\Malewarebytes log 08 March 2016.txt
    2016-03-08 16:25 - 2016-03-20 03:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-03-08 16:24 - 2016-03-08 17:23 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-03-08 16:24 - 2015-10-05 10:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-03-08 16:24 - 2015-10-05 10:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-03-08 16:24 - 2015-10-05 10:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-03-08 16:16 - 2016-03-08 16:17 - 22908888 _____ (Malwarebytes ) C:\Users\Florian Robert\Downloads\mbam-setup-2.2.0.1024.exe
    2016-03-08 09:02 - 2016-03-08 09:03 - 00013824 ___SH C:\Users\Florian Robert\Desktop\Thumbs.db
    2016-03-08 09:01 - 2016-03-08 09:01 - 00000000 ____D C:\Users\Florian Robert\Documents\ProcAlyzer Dumps
    2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\Program Files (x86)\Windows Kits
    2016-03-07 11:05 - 2016-03-07 11:05 - 00000000 ____D C:\Users\Florian Robert\Documents\Avast Config
    2016-03-07 05:12 - 2015-07-05 14:49 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20160307-041220.backup
    2016-03-07 04:48 - 2016-03-07 04:48 - 00001244 _____ C:\Windows\wininit.ini
    2016-03-06 18:52 - 2016-03-07 10:04 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\app
    2016-03-06 12:56 - 2016-03-08 17:22 - 00001916 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
    2016-03-06 11:54 - 2016-03-06 11:54 - 01806364 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-03-04 11:42 - 2016-03-04 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotto Architect 2.2
    2016-02-26 09:55 - 2016-01-06 14:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-02-26 09:55 - 2015-12-30 17:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2016-02-26 09:54 - 2016-01-24 14:19 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2016-02-26 09:54 - 2016-01-24 14:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
    2016-02-26 09:54 - 2016-01-24 07:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
    2016-02-26 09:54 - 2016-01-24 07:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
    2016-02-26 09:54 - 2016-01-08 21:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
    2016-02-26 09:54 - 2016-01-08 21:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
    2016-02-26 09:54 - 2016-01-08 21:38 - 00091992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2016-02-26 09:53 - 2016-01-10 12:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2016-02-26 09:53 - 2016-01-10 12:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2016-02-26 09:53 - 2016-01-06 19:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2016-02-26 09:53 - 2016-01-06 19:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
    2016-02-26 09:53 - 2016-01-06 12:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
    2016-02-26 09:53 - 2015-11-19 10:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2016-02-26 09:53 - 2015-11-19 10:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2016-02-26 09:52 - 2015-12-30 16:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2016-02-26 09:52 - 2015-12-20 10:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
    2016-02-26 09:52 - 2015-12-20 10:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
    2016-02-26 09:52 - 2015-12-20 10:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
    2016-02-26 09:51 - 2016-01-05 11:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2016-02-25 19:00 - 2016-02-25 19:00 - 00000000 ____D C:\Users\Florian Robert\Documents\Test Archive Genesis
    2016-02-25 18:52 - 2004-03-09 01:00 - 00132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
    2016-02-25 18:12 - 2016-02-25 19:05 - 00000000 ____D C:\Users\Florian Robert\Documents\Pages
    2016-02-25 18:12 - 2016-02-25 18:12 - 00000000 ____D C:\Users\Florian Robert\Documents\Req
    2016-02-25 18:12 - 2016-02-23 11:25 - 00051911 _____ C:\Users\Florian Robert\Documents\Cus00004^242585.ANO
    2016-02-25 18:12 - 2016-02-23 11:25 - 00036257 _____ C:\Users\Florian Robert\Documents\Cus00005^242585.ANO
    2016-02-25 18:12 - 2016-02-23 11:25 - 00033546 _____ C:\Users\Florian Robert\Documents\Cus00003^242585.ANO
    2016-02-25 18:12 - 2016-02-23 11:25 - 00031705 _____ C:\Users\Florian Robert\Documents\Cus00002^242585.ANO
    2016-02-25 18:12 - 2016-02-23 11:25 - 00030162 _____ C:\Users\Florian Robert\Documents\Cus00006.CHT
    2016-02-25 18:12 - 2016-02-23 11:25 - 00030161 _____ C:\Users\Florian Robert\Documents\Cus00007.CHT
    2016-02-25 18:12 - 2016-02-23 11:25 - 00030155 _____ C:\Users\Florian Robert\Documents\Cus00004.CHT
    2016-02-25 18:12 - 2016-02-23 11:25 - 00030128 _____ C:\Users\Florian Robert\Documents\Cus00002.CHT
    2016-02-25 18:12 - 2016-02-23 11:25 - 00030123 _____ C:\Users\Florian Robert\Documents\Cus00003.CHT
    2016-02-25 18:12 - 2016-02-23 11:25 - 00030122 _____ C:\Users\Florian Robert\Documents\Cus00005.CHT
    2016-02-25 18:12 - 2016-02-23 11:25 - 00030106 _____ C:\Users\Florian Robert\Documents\Cus00001.CHT
    2016-02-25 18:12 - 2016-02-23 11:25 - 00016537 _____ C:\Users\Florian Robert\Documents\Cus00001^242585.ANO
    2016-02-25 18:12 - 2016-02-23 11:25 - 00013845 _____ C:\Users\Florian Robert\Documents\Cus00007^242585.ANO
    2016-02-25 18:12 - 2016-02-23 11:25 - 00012997 _____ C:\Users\Florian Robert\Documents\Cus00006^242585.ANO
    2016-02-25 18:12 - 2016-02-23 11:25 - 00000810 _____ C:\Users\Florian Robert\Documents\Charts.cfg
    2016-02-25 18:12 - 2016-01-28 12:27 - 00000959 _____ C:\Users\Florian Robert\Documents\^18168.ANO
    2016-02-25 18:12 - 2016-01-23 03:22 - 00001342 _____ C:\Users\Florian Robert\Documents\^239095.ANO
    2016-02-25 18:12 - 2016-01-22 05:16 - 00000633 _____ C:\Users\Florian Robert\Documents\^20082.ANO
    2016-02-25 18:12 - 2016-01-22 05:08 - 00001334 _____ C:\Users\Florian Robert\Documents\^6826.ANO
    2016-02-25 18:12 - 2016-01-22 04:58 - 00000432 _____ C:\Users\Florian Robert\Documents\^4638.ANO
    2016-02-25 18:12 - 2016-01-22 04:32 - 00000561 _____ C:\Users\Florian Robert\Documents\^62072.ANO
    2016-02-25 18:12 - 2016-01-21 07:23 - 00001263 _____ C:\Users\Florian Robert\Documents\^49875.ANO
    2016-02-25 18:12 - 2016-01-20 13:52 - 00000901 _____ C:\Users\Florian Robert\Documents\^17913.ANO
    2016-02-25 18:12 - 2016-01-20 13:22 - 00001786 _____ C:\Users\Florian Robert\Documents\^27.ANO
    2016-02-25 18:12 - 2016-01-20 12:54 - 00000903 _____ C:\Users\Florian Robert\Documents\^10223.ANO
    2016-02-25 18:12 - 2016-01-20 06:14 - 00000837 _____ C:\Users\Florian Robert\Documents\^5827.ANO
    2016-02-25 18:12 - 2016-01-19 05:39 - 00000010 _____ C:\Users\Florian Robert\Documents\Page.flg
    2016-02-25 18:12 - 2016-01-18 17:49 - 00003108 _____ C:\Users\Florian Robert\Documents\^1680.ANO
    2016-02-25 18:12 - 2016-01-18 17:49 - 00001783 _____ C:\Users\Florian Robert\Documents\^45540.ANO
    2016-02-25 18:12 - 2016-01-18 17:49 - 00000900 _____ C:\Users\Florian Robert\Documents\^68101.ANO
    2016-02-25 18:12 - 2016-01-18 13:19 - 00000577 _____ C:\Users\Florian Robert\Documents\^23626.ANO
    2016-02-25 18:12 - 2016-01-18 13:19 - 00000515 _____ C:\Users\Florian Robert\Documents\^118352.ANO
    2016-02-25 18:12 - 2016-01-16 16:02 - 00001239 _____ C:\Users\Florian Robert\Documents\^207994.ANO
    2016-02-25 18:12 - 2016-01-15 06:43 - 00000886 _____ C:\Users\Florian Robert\Documents\^115253.ANO
    2016-02-25 18:12 - 2016-01-15 05:45 - 00000437 _____ C:\Users\Florian Robert\Documents\^64834.ANO
    2016-02-25 18:12 - 2016-01-01 07:28 - 00000888 _____ C:\Users\Florian Robert\Documents\^5994.ANO
    2016-02-25 18:12 - 2016-01-01 06:56 - 00000446 _____ C:\Users\Florian Robert\Documents\^2596.ANO
    2016-02-25 18:12 - 2016-01-01 06:06 - 00000881 _____ C:\Users\Florian Robert\Documents\^42559.ANO
    2016-02-25 18:12 - 2015-12-31 04:04 - 00002678 _____ C:\Users\Florian Robert\Documents\^229273.ANO
    2016-02-25 18:12 - 2015-12-30 04:09 - 00000888 _____ C:\Users\Florian Robert\Documents\^243603.ANO
    2016-02-25 18:12 - 2015-12-22 03:58 - 00001335 _____ C:\Users\Florian Robert\Documents\^16369.ANO
    2016-02-25 18:12 - 2015-12-18 04:38 - 00000448 _____ C:\Users\Florian Robert\Documents\^13099.ANO
    2016-02-25 18:12 - 2015-12-17 15:21 - 00002249 _____ C:\Users\Florian Robert\Documents\^82859.ANO
    2016-02-25 18:12 - 2015-12-17 15:21 - 00001755 _____ C:\Users\Florian Robert\Documents\^22276.ANO
    2016-02-25 18:12 - 2015-11-20 12:44 - 00000447 _____ C:\Users\Florian Robert\Documents\^243526.ANO
    2016-02-25 18:12 - 2015-11-18 12:54 - 00000903 _____ C:\Users\Florian Robert\Documents\^87352.ANO
    2016-02-25 18:12 - 2015-10-29 06:05 - 00000442 _____ C:\Users\Florian Robert\Documents\^49924.ANO
    2016-02-25 18:12 - 2013-12-27 13:24 - 00000765 _____ C:\Users\Florian Robert\Documents\^114192.ANO
    2016-02-25 18:12 - 2013-12-25 16:41 - 00001130 _____ C:\Users\Florian Robert\Documents\Replay^118293.ANO
    2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00007^229273.ANO
    2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00006^229273.ANO
    2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00005^229273.ANO
    2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00004^229273.ANO
    2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00003^229273.ANO
    2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00002^229273.ANO
    2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00001^229273.ANO
    2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00007^223581.ANO
    2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00006^223581.ANO
    2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00005^223581.ANO
    2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00004^223581.ANO
    2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00003^223581.ANO
    2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00002^223581.ANO
    2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00001^223581.ANO
    2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00007^240656.ANO
    2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00006^240656.ANO
    2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00005^240656.ANO
    2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00004^240656.ANO
    2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00003^240656.ANO
    2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00002^240656.ANO
    2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00001^240656.ANO
    2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00007^243603.ANO
    2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00006^243603.ANO
    2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00005^243603.ANO
    2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00004^243603.ANO
    2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00003^243603.ANO
    2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00002^243603.ANO
    2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00001^243603.ANO
    2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00007^113909.ANO
    2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00006^113909.ANO
    2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00005^113909.ANO
    2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00004^113909.ANO
    2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00003^113909.ANO
    2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00002^113909.ANO
    2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00001^113909.ANO
    2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00007^114202.ANO
    2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00006^114202.ANO
    2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00005^114202.ANO
    2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00004^114202.ANO
    2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00003^114202.ANO
    2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00002^114202.ANO
    2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00001^114202.ANO
    2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00007^3371.ANO
    2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00006^3371.ANO
    2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00005^3371.ANO
    2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00004^3371.ANO
    2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00003^3371.ANO
    2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00002^3371.ANO
    2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00001^3371.ANO
    2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00007^25949.ANO
    2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00006^25949.ANO
    2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00005^25949.ANO
    2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00004^25949.ANO
    2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00003^25949.ANO
    2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00002^25949.ANO
    2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00001^25949.ANO
    2016-02-25 18:08 - 2016-02-25 18:08 - 82677976 _____ C:\Users\Florian Robert\Desktop\tninstall.exe

    ==================== Ein Monat: Geänderte Dateien und Ordner ========
     
  3. Florian

    Sorry, here is part 3 of FRST.txt:

    ==================== Ein Monat: Geänderte Dateien und Ordner ========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

    2016-03-26 07:06 - 2016-02-23 12:42 - 00000632 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
    2016-03-26 06:51 - 2016-02-23 12:42 - 00000728 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
    2016-03-26 06:46 - 2016-02-10 20:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-03-26 06:44 - 2015-06-26 05:39 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-26 06:25 - 2014-09-10 08:16 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\CrashDumps
    2016-03-26 05:29 - 2014-09-15 10:32 - 00000000 ____D C:\Users\Florian Robert\Documents\Registry changes log
    2016-03-26 05:26 - 2014-08-29 13:01 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-499248853-3292403601-2203723613-1001
    2016-03-26 05:26 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
    2016-03-26 05:21 - 2015-05-18 04:03 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-03-26 04:45 - 2014-04-24 21:06 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2016-03-26 04:03 - 2014-05-30 00:22 - 00784836 _____ C:\Windows\system32\perfh007.dat
    2016-03-26 04:03 - 2014-05-30 00:22 - 00165004 _____ C:\Windows\system32\perfc007.dat
    2016-03-26 04:03 - 2014-03-18 06:03 - 01814802 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-03-26 04:02 - 2014-08-29 12:55 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform
    2016-03-26 03:59 - 2015-06-26 05:39 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-26 03:59 - 2014-09-12 10:36 - 00000000 ____D C:\Users\Florian Robert\OneDrive
    2016-03-26 03:55 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-25 16:22 - 2014-09-10 11:17 - 00000344 _____ C:\Windows\lgfwup.ini
    2016-03-25 16:22 - 2014-09-10 11:17 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
    2016-03-25 14:55 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-03-25 03:56 - 2015-12-06 04:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\system32\GWX
    2016-03-24 04:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
    2016-03-24 04:50 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-03-24 01:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-03-23 14:16 - 2016-02-23 12:42 - 00003744 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001
    2016-03-23 14:16 - 2016-02-23 12:42 - 00003648 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001
    2016-03-23 13:03 - 2014-08-29 12:55 - 00000000 ____D C:\Users\Florian Robert
    2016-03-23 03:47 - 2014-11-20 09:13 - 00000000 ____D C:\Program Files\AVAST Software
    2016-03-23 03:47 - 2014-11-20 09:12 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-03-22 13:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-03-22 05:29 - 2014-09-06 04:27 - 00000000 ____D C:\Users\Florian Robert\Documents\Outlook-Dateien
    2016-03-21 07:25 - 2014-08-29 12:56 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\Packages
    2016-03-21 04:58 - 2014-11-18 12:53 - 00000891 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2016-03-21 04:56 - 2016-02-12 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-03-21 04:53 - 2016-02-10 20:35 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-03-17 17:57 - 2014-09-12 11:02 - 00000000 ____D C:\Users\Florian Robert\AppData\Roaming\Skype
    2016-03-16 10:22 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-03-16 10:17 - 2014-08-30 05:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-03-15 12:42 - 2014-08-31 04:54 - 00000054 _____ C:\Windows\NavWin.INI
    2016-03-12 11:14 - 2014-08-29 12:58 - 00002446 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2016-03-12 09:19 - 2014-11-20 09:14 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2016-03-12 09:19 - 2014-11-20 09:14 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2016-03-12 08:39 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-12 04:59 - 2015-10-31 03:38 - 00003336 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
    2016-03-10 05:08 - 2013-08-22 10:44 - 00381504 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-03-10 05:05 - 2015-04-15 05:40 - 00000000 ____D C:\Windows\system32\appraiser
    2016-03-10 04:43 - 2014-09-05 02:25 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-03-10 04:43 - 2014-09-05 02:25 - 00000000 ____D C:\Windows\system32\MRT
    2016-03-09 00:22 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
    2016-03-08 17:23 - 2015-11-29 05:50 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-03-08 17:23 - 2015-09-14 13:23 - 00000778 _____ C:\Users\Public\Desktop\System Advisor Model (x64).lnk
    2016-03-08 17:23 - 2015-07-20 03:02 - 00002643 _____ C:\Users\Public\Desktop\Stealth Trader v2.5.3.lnk
    2016-03-08 17:23 - 2015-06-26 05:41 - 00002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2016-03-08 17:23 - 2014-12-23 13:07 - 00000890 _____ C:\Users\Public\Desktop\PDFCreator.lnk
    2016-03-08 17:23 - 2014-11-20 09:15 - 00002022 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-03-08 17:23 - 2014-11-04 13:38 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2016-03-08 17:23 - 2014-10-29 13:25 - 00001862 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-03-08 17:23 - 2014-10-29 13:01 - 00001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-03-08 17:23 - 2014-10-29 13:01 - 00001349 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-03-08 17:23 - 2014-10-19 06:43 - 00002745 _____ C:\Users\Public\Desktop\MarginCalculator.exe.lnk
    2016-03-08 17:23 - 2014-09-15 07:11 - 00000999 _____ C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
    2016-03-08 17:23 - 2014-09-02 02:14 - 00001778 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2016-03-08 17:23 - 2014-09-02 02:13 - 00001712 _____ C:\Users\Public\Desktop\Recuva.lnk
    2016-03-08 17:23 - 2014-08-31 04:53 - 00001735 _____ C:\Users\Public\Desktop\Trade Navigator.lnk
    2016-03-08 17:23 - 2014-08-31 04:46 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-03-08 17:23 - 2014-08-31 04:46 - 00001117 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-03-08 17:23 - 2014-08-31 04:35 - 00000918 _____ C:\Users\Public\Desktop\AOL 9.0 VR.lnk
    2016-03-08 17:23 - 2014-05-29 15:41 - 00001245 _____ C:\Users\Public\Desktop\Help and Support.lnk
    2016-03-08 17:23 - 2014-04-24 21:14 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2016-03-08 17:23 - 2014-01-03 21:31 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    2016-03-08 17:23 - 2013-12-29 06:05 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2016-03-08 17:22 - 2016-02-23 12:42 - 00002623 _____ C:\Users\Florian Robert\Desktop\GoToMeeting Quick Connect.lnk
    2016-03-08 17:22 - 2015-01-07 07:11 - 00001647 _____ C:\Users\Florian Robert\Desktop\Canon MG3500 series Printer (LAMBARENE) - Verknüpfung.lnk
    2016-03-08 17:22 - 2014-11-09 11:02 - 00001458 _____ C:\Users\Florian Robert\Desktop\gimp-2.8.exe - Verknüpfung.lnk
    2016-03-08 17:22 - 2014-10-22 04:41 - 00002321 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert.lnk
    2016-03-08 17:22 - 2014-10-22 04:41 - 00002271 _____ C:\Users\Florian Robert\Desktop\Convert.lnk
    2016-03-08 17:22 - 2014-10-15 11:17 - 00003099 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
    2016-03-08 17:22 - 2014-09-15 07:11 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
    2016-03-08 17:22 - 2014-09-15 03:25 - 00001176 _____ C:\Users\Florian Robert\Desktop\Genie Media Servers (Lambarene[Windows]) - Verknüpfung.lnk
    2016-03-08 17:22 - 2014-08-29 12:58 - 00002450 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    2016-03-08 17:22 - 2014-08-29 12:56 - 00001276 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
    2016-03-08 17:22 - 2014-08-29 12:55 - 00000469 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2016-03-08 17:22 - 2014-08-29 12:55 - 00000467 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2016-03-08 17:20 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
    2016-03-08 03:00 - 2015-10-15 03:25 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-03-08 03:00 - 2015-10-15 03:25 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-03-07 10:37 - 2014-12-29 04:35 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\PDFCreator
    2016-03-04 03:58 - 2014-10-29 13:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-03-01 04:30 - 2014-11-20 09:14 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

    ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

    2014-06-20 09:30 - 2014-06-20 09:30 - 0005293 _____ () C:\Users\Florian Robert\AppData\Roaming\Margin.ini
    2014-11-18 12:23 - 2014-12-10 13:45 - 0007168 _____ () C:\Users\Florian Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-09 05:57 - 2015-02-09 05:57 - 0001610 _____ () C:\Users\Florian Robert\AppData\Local\recently-used.xbel
    2015-08-14 03:04 - 2015-08-14 03:04 - 0007605 _____ () C:\Users\Florian Robert\AppData\Local\Resmon.ResmonCfg
    2014-05-29 15:11 - 2014-05-29 15:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap =================

    (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

    C:\Windows\system32\winlogon.exe => Datei ist digital signiert
    C:\Windows\system32\wininit.exe => Datei ist digital signiert
    C:\Windows\explorer.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
    C:\Windows\system32\svchost.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
    C:\Windows\system32\services.exe => Datei ist digital signiert
    C:\Windows\system32\User32.dll => Datei ist digital signiert
    C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
    C:\Windows\system32\userinit.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
    C:\Windows\system32\rpcss.dll => Datei ist digital signiert
    C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
    C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
    C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


    LastRegBack: 2016-03-25 11:05

    ==================== Ende von FRST.txt ============================
     
  4. Florian

    Here is the Addition.txt file, part 1:
    Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    durchgeführt von Florian Robert (2016-03-26 07:26:59)
    Gestartet von C:\Users\Florian Robert\Desktop
    Windows 8.1 (X64) (2014-08-29 16:55:45)
    Start-Modus: Normal
    ==========================================================


    ==================== Konten: =============================

    Administrator (S-1-5-21-499248853-3292403601-2203723613-500 - Administrator - Disabled)
    Florian Robert (S-1-5-21-499248853-3292403601-2203723613-1001 - Administrator - Enabled) => C:\Users\Florian Robert
    Gast (S-1-5-21-499248853-3292403601-2203723613-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-499248853-3292403601-2203723613-1005 - Limited - Enabled)

    ==================== Sicherheits-Center ========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installierte Programme ======================

    (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

    7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
    abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.02.2002 - Acer Incorporated)
    abFiles Shell Extension (HKLM-x32\...\{0E1996B9-B733-4096-8FD7-239850ED0B2A}) (Version: 2.00.3001 - Acer Incorporated)
    abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8103 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3010 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.103.2020.206 - Alps Electric)
    AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - )
    AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
    eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
    FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
    GenesisDependencyInstaller (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\1d1c516df34faca9) (Version: 3.2.1.40 - Microsoft)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
    Host App Service (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\SweetLabs_AP) (Version: 0.269.7.911 - Pokki)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
    Intel(R) Technology Access (HKLM-x32\...\{2ff1a4b2-d080-4abd-a571-d0cef9664790}) (Version: 1.7.0.1011 - Intel Corporation)
    Intel(R) Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
    Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
    Joulemeter (HKLM-x32\...\{E043568C-1745-4C69-9D52-43F6E79EB03B}) (Version: 1.2.0 - Microsoft Research)
    LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
    MainConceptDemoCodecs (HKLM-x32\...\{587CC611-95FA-442B-852D-A9B0DEC5C09B}) (Version: 1.01.0000 - Kummert GmbH)
    Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    MarginCalculator (HKLM-x32\...\{07292B57-7EEB-4C68-8353-F2C03F6743E0}) (Version: 2.00.14000 - Eurex)
    Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
    NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
    NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
    Pokki Start Menu (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.911 - Pokki)
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
    SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
    SAM 2015.6.30 (HKLM\...\{4A0EDADE-6CE6-4CB4-907E-1401911B4D6D}_is1) (Version: - National Renewable Energy Laboratory)
    Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Stealth Trader (HKLM-x32\...\{CE6E1500-5269-43C4-A27F-7EF642F806B1}) (Version: 2.5.3 - Epcylon Technologies, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
    Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version: - )
    Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
    Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
    Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
    Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
    WinnaLotto (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
    YouCam (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden

    ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    Task: {043C04C0-912E-448F-9516-625F063EBDE9} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
    Task: {1983AFC4-A91E-4338-A4E4-40606A7D34C1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
    Task: {1E0C86D9-7717-418B-85BE-2151801B1F08} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
    Task: {2B542F11-20B4-4B91-B8BA-F18531BDBF75} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-01-18] (Acer Incorporate)
    Task: {2C264D81-BE2A-43BB-96C7-5508AA420BDB} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
    Task: {2F02F91C-6817-4DA6-AA8A-AC9905A57956} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
    Task: {33C4A5C4-D772-46D4-B928-13EC11E6101A} - System32\Tasks\Florian Robert => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
    Task: {351066C4-9910-4753-9921-D875855DB128} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
    Task: {376E85C0-980F-4705-ABCF-32E2A31DE151} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
    Task: {38A47185-4F3D-41B3-839F-9D70B8F405F4} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
    Task: {512A3B5F-7206-42CD-BCEC-D57628D69156} - System32\Tasks\SafeZone scheduled Autoupdate 1458719394 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
    Task: {52ECB692-4B94-458B-8241-D436CFB282D1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
    Task: {53306C79-0E98-4DD7-BFBB-AB4BCDE6BDC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-21] (Adobe Systems Incorporated)
    Task: {612E08FE-7398-4B89-BEEB-C22736E637DF} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
    Task: {647F822C-5494-497D-9126-3EAF611C1AED} - System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6D6C0714-71EC-43F7-BB8A-6BDE5EE97DF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {70E30D3F-7F5A-4465-B3D4-FE57FF72C816} - System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {72CBF039-634D-4EB3-9FF0-D4242D961C7E} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
    Task: {7BCCFA01-BBFC-4E6B-A57D-0DB0D0E6E2EC} - System32\Tasks\Florian Robert Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
    Task: {7DD729FA-E5F2-41F1-952E-4EDF5A7BEB26} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
    Task: {81369795-B8A7-4282-AF85-36607ED59EAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {83004E22-6DBD-4EF6-A67C-2081A6DBE7A2} - System32\Tasks\SweetLabs App Platform => C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-03-10] (Pokki)
    Task: {833A8C49-7BA2-47F4-94FB-4EDCDAD6D4C7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
    Task: {84A2C329-5D8A-4F1B-A486-37102291120B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
    Task: {8516AB4D-CDB3-4941-B482-E741EFE1E2F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
    Task: {8911D987-EA05-4426-9260-40C3ABF4013E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
    Task: {8D6A02C4-DF12-4C14-84A5-85855FD8FF32} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
    Task: {91835FDF-0EAA-44AB-A585-48BC7C6DAA76} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
    Task: {9D4AE1C4-0189-4D31-A5B4-B900283B877C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {A4587FAC-2F27-40DD-B379-0025AEA88938} - System32\Tasks\Florian Robert DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
    Task: {D7AFA013-901F-4AB8-9104-3ED5E1A2859D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
    Task: {E053A28F-2488-46AE-AF68-51CCA551B9B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
    Task: {E3B3D0C5-6CC1-4960-874E-33A0A8BAC849} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-04] (Microsoft Corporation)
    Task: {F071FE89-9903-4294-96D1-28B3F4B97842} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
    Task: {F512499D-FBA8-4EF0-9B40-1B17B017C409} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-09] (AVAST Software)
    Task: {FC50D263-9778-4E50-AD07-8E43C0153FEF} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Verknüpfungen =============================

    (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

    ==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

    2014-05-29 14:53 - 2014-03-24 08:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-09-06 04:01 - 2012-06-21 01:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
    2013-09-04 14:13 - 2013-09-04 14:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
    2014-08-30 05:26 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-07-07 05:44 - 2015-07-07 05:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
    2015-12-03 07:43 - 2015-12-03 07:43 - 00369824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
    2014-05-29 15:29 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2014-05-29 15:35 - 2014-01-03 08:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
    2013-07-08 12:53 - 2013-07-08 12:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
    2015-11-23 13:44 - 2015-11-23 13:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    2016-02-09 09:18 - 2016-02-09 09:18 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-02-09 09:18 - 2016-02-09 09:18 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-03-25 16:19 - 2016-03-25 16:19 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032501\algo.dll
    2016-02-09 09:18 - 2016-02-09 09:18 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2014-10-29 13:00 - 2014-05-13 07:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-10-29 13:00 - 2014-05-13 07:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-10-29 13:00 - 2014-05-13 07:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-10-29 13:00 - 2012-08-23 05:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-10-29 13:00 - 2012-04-03 12:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-05-29 14:55 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-12-03 10:21 - 2015-12-03 10:21 - 00202456 _____ () C:\Program Files (x86)\Acer\abMedia\curllib.dll
    2015-12-03 10:23 - 2015-12-03 10:23 - 00654000 _____ () C:\Program Files (x86)\Acer\abMedia\sqlite3.dll
    2015-12-03 10:23 - 2015-12-03 10:23 - 00641240 _____ () C:\Program Files (x86)\Acer\abMedia\tag.dll
    2015-12-03 10:23 - 2015-12-03 10:23 - 00119000 _____ () C:\Program Files (x86)\Acer\abMedia\OpenLDAP.dll
    2016-02-05 15:06 - 2016-02-05 15:06 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2016-01-14 18:12 - 2016-01-14 18:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
    2016-01-14 18:11 - 2016-01-14 18:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
    2016-01-19 16:06 - 2016-01-19 16:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
    2016-01-19 16:06 - 2016-01-19 16:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
    2014-11-15 06:55 - 2016-02-22 22:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2011-03-09 08:21 - 2011-03-09 08:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2011-03-09 08:21 - 2011-03-09 08:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2015-12-06 04:21 - 2015-12-06 04:21 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-03-08 21:33 - 2016-03-08 21:33 - 00569856 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
    2016-03-08 21:33 - 2016-03-08 21:33 - 01400846 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
    2016-03-08 21:33 - 2016-03-08 21:33 - 00151054 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
    2016-03-08 21:33 - 2016-03-08 21:33 - 00222734 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
    2014-02-13 18:26 - 2014-02-13 18:26 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
    2014-02-13 18:26 - 2014-02-13 18:26 - 21117952 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
    2014-02-13 18:26 - 2014-02-13 18:26 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll
    2014-02-13 18:26 - 2014-02-13 18:26 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll

    ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


    ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


    ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


    Da befinden sich 7872 mehr Seiten.


    Da befinden sich 7872 mehr Seiten.


    ==================== Hosts Inhalt: ==========================

    (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

    2013-08-22 09:25 - 2016-03-07 05:12 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts


    Da befinden sich 15471 zusätzliche Einträge.


    ==================== Andere Bereiche ============================
     
  5. Florian

    Florian TS Rookie Topic Starter Posts: 29

    And here is Part 2 of Additions.txt:

    ==================== Andere Bereiche ============================

    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall ist aktiviert.

    ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

    HKLM\...\StartupApproved\Run32: => "HostManager"
    HKLM\...\StartupApproved\Run32: => "DBAgent"
    HKLM\...\StartupApproved\Run32: => "FreePDF Assistant"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Uploader"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Spotify Web Helper"

    ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{BE63103F-01FE-4676-8B94-97D7DC811EC5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
    FirewallRules: [{528BC9F1-A002-4ECF-9F06-1A777F61C024}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
    FirewallRules: [{1B781FC7-4111-4EC1-9A81-7C5202337095}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{AEC31969-333F-40C6-A19B-573BC8622596}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{ADEE17FA-9B20-4698-A30F-DF632BAFB8E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{E84B5257-4EA8-4495-ACEE-02B49E7A1E21}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{BA38BBD5-5942-4246-A968-37972E3F5654}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{D57CC8DF-6A80-4F40-B14A-C4EF81BC03C4}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{63FA8E33-7307-4637-96BC-42B4570236AF}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{E283BB9B-4C7F-4707-B7A7-DA251AEB87D7}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{E20EF89D-36B3-4D32-A69B-FE8471EB0BF2}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{518B10CC-5BCE-47F9-8B4A-0FDFF7083F3D}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
    FirewallRules: [{84645464-4B73-4F87-9287-60D56F609122}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
    FirewallRules: [{1A945F5A-9CF6-4649-B28C-B7521349F578}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{A2034403-65A3-4FAC-A780-B83C4837CB90}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{AE7EA85D-1AAD-4E96-8E30-786DEFC31BC0}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{27A73335-38CB-473B-8719-3F89C3588F3C}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{3E062DC1-DBDA-4906-A7AC-EE6B9EAFC95F}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{6D5DB314-940C-4545-A2BC-BBC5CEFA27FC}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{2D2B4A18-FC98-49E3-BADA-F89C6BA5817E}] => (Allow) LPort=8888
    FirewallRules: [{7E5C0E00-F608-4F40-BFE0-58FBA197FE4B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{158D565F-2419-4588-A26F-905FEC645665}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{CFD355E3-DD15-42FE-861A-E0CBE1511910}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{B8CD7291-1844-4BF7-BAC1-0C3C31F20E73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{6B6D5368-7C75-4DC5-8E5C-4019E1D2812D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{DC807A60-CACA-4A62-B954-3839B9656727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{DD59612C-C005-4513-917C-FB78A8A7CA2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DFA8515A-B676-480B-AC7B-5A55E745A4BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A0FB273A-11A8-4A30-8031-F80B0533EF6F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{13CD43FF-4354-414D-9E61-9256B9D034D6}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{5DBA44E4-BC86-41DF-8656-D5F69171780E}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{23E3590C-EDF8-435A-904C-00B66EBEC9C1}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{51512AF6-109A-47E4-9291-3DFFD9F28E2A}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{ABC1AD0D-94D6-4C5B-8B21-8880546513CF}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{439882BE-72FB-49BE-8DCF-76FFEB4DBF54}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{A61CAB5D-CEA7-4199-9163-33190848D109}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{8D682E05-E80B-4411-A4C0-60CF78AA5D5B}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{6710D04F-8592-44DF-AFF6-6177A73D7BD9}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{D7ECA97D-7AC5-4D49-AA9C-F53AB9A7AC07}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{08B72412-0F80-4ED1-B85C-851E4B153342}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{1F4D17B4-4E5D-45A4-B073-E9A1704A8D8D}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{7827D62E-89F8-494E-9B58-37B3A3169CBA}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{CE064D7C-0584-407A-93DB-BE0062827D51}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{BDF7047E-0755-4460-93AA-8E018DC7C774}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{1B90EE3C-2C85-44CE-9A9E-E594814EC60F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{4BD0D59F-776D-4236-BD8C-B2897A74A348}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{406D9472-5134-4699-A54F-6B2D264CCC91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{84FDCAAE-AF87-474E-B31F-6A4C41FB170F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A186846E-3CC9-4BED-B766-FE5DB5012C64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A5A7918D-CCA9-456A-A26F-DC07569C72FB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{C953820C-8A83-4BF2-BF9B-9CD18405DB56}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{6F739AE1-CB87-4BED-BC60-F40E173A7F92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{EB636362-36CF-4239-BE33-6D60C5B21451}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{EA0876E7-7883-435C-9D40-5CE5BE1976DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F4218BE4-F7FD-417A-9319-DF3430D0E989}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{596B9E55-4EC4-4A29-ACB4-5B864FC98E81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5C98BB30-90E6-479A-ABB3-D5F02B8C6E72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{4441C552-9E32-4825-BBA5-1B748024AEEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{48DAB9D6-EF45-40D9-9656-1E780A1BCBA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{57D0ADA1-1D63-445F-ACBD-0371C1A9678E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{974439C0-8264-4F7B-895C-B0DE38038E32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{E92BFC83-C73F-471C-B655-F099F0462C44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{25EE1910-5A61-4F84-AED2-A85043F6E66C}] => (Allow) LPort=8888
    FirewallRules: [{67A2A0FC-70AF-4C6D-B8F0-1A4AAADB8597}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{B4FB5395-208C-403E-A8CF-9F2762F56CFD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{2A4FA544-A387-4176-B193-FD060E9C1BE0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{50D1D61A-778A-4E95-91F7-E8C5E0C2A609}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{EBB9CAED-0AF6-4C08-924C-F9BCE2D018C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{DFA1C554-1F5B-4CAB-BE6B-0E9EE3EB72AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{0792797F-73BB-473F-BAB9-0542A25CCFDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D8D8BCF3-5560-4F80-8550-5D82C194F925}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [TCP Query User{14593135-DE9B-420F-B3D1-94BA9B809274}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{0C1AD51E-92B8-42E7-8D89-9F02D83909BB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{119F7757-D5DB-442B-B993-7C83585F19E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{B9493091-11E9-4366-8515-A74C38418D2C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{C84C1DF6-BAAE-43AB-9118-2F86C848C3EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A97A83AA-91D6-4A0E-9E18-18BBE783D9AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D21911CC-25EC-4D93-B6E4-9E891E24FDF3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{AA4AA449-5FB8-43A7-91F8-76C76F2B7DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{86154076-E317-4026-9051-EAFBC8DE63AB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A1621378-B077-4F25-A98E-F66E2A0CE46D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{41C79DCC-0ACA-4C75-97A5-E891251C65E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{45D86E81-2142-4956-B5FB-92E62060473A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{B97B6753-C820-4FC3-B638-05C4A6ACB72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{7E618D33-0C92-4AFA-B165-31B81C95278D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DB079ABF-600C-49EF-B69B-6A464D92A006}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{8BC5D5A8-95F2-4741-81D7-C844EF1E878A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1DA4E5A4-59DD-4F2A-B130-8D78E5BCC94B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{98D39DD7-F072-4189-9B1C-9437865A5DE8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D36BB8DD-DC10-4F77-B194-08F80BCA1709}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{73DD00CD-0919-4AF0-B205-6D099A9FFCBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{946CDC96-66DA-455A-A1E8-5AA170CA93D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{69FF58EC-3CE4-4A68-9C60-5835C800D8FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5EBDDDB7-690F-483D-B869-13B7D02A91F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{6013E745-1042-499D-9D99-B3D33B877D3C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{CFCEBB1F-48AA-440A-A67A-18DF91B569E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{8ABC8A64-70DA-4B4B-BB84-C2DA6E27EB3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{C728CDAA-8B85-4507-909E-472583D73A21}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D5F9ED46-03B8-495B-A3F5-46DEF918004D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DD6985B1-9CC6-49BB-A13A-04A733229AA1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{020A4680-3E89-446D-B700-0105D6F30E5B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{84FEDEFD-E9D2-4E47-81DE-B233169D0D85}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{BF7088D1-5125-4D2D-B7A9-FB1B491B9AFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F96413CC-E9C9-4995-AD4D-076D5F71A5E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{88EB3689-CB2A-4F69-AF64-BDC22C035019}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1452F46A-990F-4866-813A-3BE3CEFD6556}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{47368D5A-753D-4930-B7E5-3C1579DC3D7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{1C4F7991-659F-45E5-850B-D35A27D664A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DA87CF50-5225-40C8-8D73-F41D2053BEE2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1A0CE8E7-6E14-4813-A948-B3C595A59241}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{4BAC57A9-0013-4526-BF17-53D2F42726F0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{B77D79B6-DB55-4513-B5CF-2A532B760D32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{E5230FC5-F456-4228-B6D9-814B5E19B3A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{655279DD-0935-4649-8FD2-8B7A4743490C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A09F8F39-C76E-4360-8AE2-7BDE4B318E86}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{C325ED5F-CF76-453E-9B1B-7C396EDFFA0A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{8A6C666E-715E-4107-9715-30900496197E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{74349A4D-B31B-4AA8-BBB5-63475FC25E92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1C6F77A8-04A7-410B-BD3F-BEE3A1424C55}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1C5711A9-0EFD-4178-9307-2D7C3DA9450A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{00CD2CA3-24C0-41FA-8551-0573D82880BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{8236F01C-98F5-4CB3-A832-F7FF77D1942A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{51C75DAB-9576-4982-B15A-8B887F7B345A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A0B098E2-7A24-4325-994C-33B12EB22232}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{34B73CEA-8E5B-482E-8DFF-5DCA2A8B7EBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{AE915E69-A811-44CD-92AE-CFE2F151ED91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [TCP Query User{C6A8CDB9-B617-40C1-94BA-54CD7525ADD1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{EECF6088-A320-48E9-A39A-F5051E90BFA6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Wiederherstellungspunkte =========================

    08-03-2016 11:18:04 Intel(R) Technology Access
    11-03-2016 13:48:14 Windows Update
    24-03-2016 04:40:26 Windows Update

    ==================== Fehlerhafte Geräte im Gerätemanager =============


    ==================== Fehlereinträge in der Ereignisanzeige: =========================

    Applikationsfehler:
    ==================
    Error: (03/26/2016 07:05:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
    Name des fehlerhaften Moduls: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x00068798
    ID des fehlerhaften Prozesses: 0x1848
    Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
    Pfad der fehlerhaften Anwendung: EXCEL.EXE1
    Pfad des fehlerhaften Moduls: EXCEL.EXE2
    Berichtskennung: EXCEL.EXE3
    Vollständiger Name des fehlerhaften Pakets: EXCEL.EXE4
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EXCEL.EXE5

    Error: (03/26/2016 06:25:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 45.0.1.5918, Zeitstempel: 0x56e8b7df
    Name des fehlerhaften Moduls: mozglue.dll, Version: 45.0.1.5918, Zeitstempel: 0x56e8a981
    Ausnahmecode: 0x80000003
    Fehleroffset: 0x0000f0ea
    ID des fehlerhaften Prozesses: 0x2510
    Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
    Pfad der fehlerhaften Anwendung: plugin-container.exe1
    Pfad des fehlerhaften Moduls: plugin-container.exe2
    Berichtskennung: plugin-container.exe3
    Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

    Error: (03/26/2016 06:25:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm firefox.exe, Version 45.0.1.5918 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: 1ac4

    Startzeit: 01d187421ddcfd0b

    Endzeit: 366

    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Berichts-ID: fde30c5d-f33c-11e5-86bc-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

    Error: (03/24/2016 05:40:10 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-499248853-3292403601-2203723613-1001}/">.

    Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

    Details:
    Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)

    Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

    Details:
    Die Daten sind unzulässig. 0x8007000d (0x8007000d)

    Error: (03/23/2016 06:27:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Anwendung: Seagate.Dashboard.DASWindowsService.exe
    Frameworkversion: v4.0.30319
    Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
    Ausnahmeinformationen: System.Management.ManagementException
    Stapel:
    bei System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
    bei System.Management.SinkForEventQuery.Cancel()
    bei System.Management.ManagementEventWatcher.Stop()
    bei System.Management.ManagementEventWatcher.Finalize()

    Error: (03/23/2016 03:04:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm CLVIEW.EXE, Version 15.0.4801.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: a00

    Startzeit: 01d18536b95b0d9b

    Endzeit: 18

    Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\CLVIEW.EXE

    Berichts-ID: fcfd7070-f129-11e5-86b2-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

    Error: (03/23/2016 04:12:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: 120

    Startzeit: 01d184d79c1793e8

    Endzeit: 0

    Anwendungspfad: C:\Windows\Explorer.EXE

    Berichts-ID: 34120cd4-f0ce-11e5-86b1-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

    Error: (03/23/2016 04:06:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm EXCEL.EXE, Version 15.0.4805.1001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: 85c

    Startzeit: 01d184d8586be741

    Endzeit: 131

    Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE

    Berichts-ID: 290075e0-f0ce-11e5-86b1-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


    Systemfehler:
    =============
    Error: (03/26/2016 04:01:53 AM) (Source: DCOM) (EventID: 10010) (User: FLORIAN)
    Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

    Error: (03/26/2016 03:59:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%1053

    Error: (03/26/2016 03:59:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

    Error: (03/25/2016 04:20:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%1053

    Error: (03/25/2016 04:20:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

    Error: (03/25/2016 04:19:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%1053

    Error: (03/25/2016 04:19:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

    Error: (03/25/2016 10:43:44 AM) (Source: DCOM) (EventID: 10010) (User: FLORIAN)
    Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

    Error: (03/25/2016 10:41:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
    %%1053

    Error: (03/25/2016 10:41:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.


    CodeIntegrity:
    ===================================
    Date: 2014-11-20 08:00:20.317
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-11-20 07:46:58.286
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Speicherinformationen ===========================

    Prozessor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
    Prozentuale Nutzung des RAM: 23%
    Installierter physikalischer RAM: 8072.27 MB
    Verfügbarer physikalischer RAM: 6178.69 MB
    Summe virtueller Speicher: 9352.27 MB
    Verfügbarer virtueller Speicher: 6780.64 MB

    ==================== Laufwerke ================================

    Drive c: (Acer) (Fixed) (Total:898.59 GB) (Free:693.91 GB) NTFS

    ==================== MBR & Partitionstabelle ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1CCF8D51)

    Partition: GPT.

    ==================== Ende von Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Good morning and Happy Easter! I am very happy that you replied! Sorry for the late reply, but I am 8 or nine hours ahead of you so I was asleep when you replied.
    I have just finished RogueKiller and it generated this report:

    RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
    Mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Betriebssystem : Windows 8.1 (6.3.9600) 64 bits version
    gestarted in : normaler Modus
    User : Florian Robert [Administrator]
    Started from : C:\Users\Florian Robert\Desktop\RogueKiller.exe
    Modus : Scannen -- Datum : 03/27/2016 03:21:06

    ¤¤¤ Prozesse : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\MetaStream -> Gefunden
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Viewpoint -> Gefunden
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> Gefunden
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Gefunden
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Gefunden
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Gefunden
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Gefunden

    ¤¤¤ Aufgaben : 2 ¤¤¤
    [Suspicious.Path|VT.Unknown] \Florian Robert -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert.nji") -> Gefunden
    [Suspicious.Path|VT.Unknown] \Florian Robert Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert Merge.nji") -> Gefunden

    ¤¤¤ Dateien : 1 ¤¤¤
    [PUP][Ordner] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85} -> Gefunden

    ¤¤¤ Host Dateien : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

    ¤¤¤ Web Browser : 0 ¤¤¤

    ¤¤¤ MBR Überprüfung : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM014-1EJ164 +++++
    --- User ---
    [MBR] cf1626c9ab7604c27e15cc87ea822b09
    [BSP] f7f54c70c21550c458c39f101feb9b57 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2107392 | Size: 920160 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1886595072 | Size: 17408 MB
    5 - [SYSTEM][HIDDEN!][READONLY][MAN-MOUNT] Basic data partition | Offset (sectors): 1922246656 | Size: 15272 MB
    User = LL1 ... OK
    User = LL2 ... OK

    I will now continue with Malwarebytes.

    Best,
    Florian
     
  8. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Sorry, I just saw that there is a second report from RogueKiller that shows what has been deleted (or not?):
    gelöscht means "deleted"
    RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
    Mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Betriebssystem : Windows 8.1 (6.3.9600) 64 bits version
    gestarted in : normaler Modus
    User : Florian Robert [Administrator]
    Started from : C:\Users\Florian Robert\Desktop\RogueKiller.exe
    Modus : Löschen -- Datum : 03/27/2016 03:23:12

    ¤¤¤ Prozesse : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\MetaStream -> gelöscht
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Viewpoint -> gelöscht
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> gelöscht
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> gelöscht
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> ersetzt (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> ersetzt (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

    ¤¤¤ Aufgaben : 2 ¤¤¤
    [Suspicious.Path|VT.Unknown] \Florian Robert -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert.nji") -> gelöscht
    [Suspicious.Path|VT.Unknown] \Florian Robert Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert Merge.nji") -> gelöscht

    ¤¤¤ Dateien : 1 ¤¤¤
    [PUP][Ordner] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85} -> gelöscht
    [PUP][Datei] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85}\1941 frozen front pc.dat -> gelöscht
    [PUP][Datei] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85}\3d4fa3e94dffaed0 -> gelöscht
    [PUP][Datei] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85}\f0b205bc6a2b4904 -> gelöscht

    ¤¤¤ Host Dateien : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

    ¤¤¤ Web Browser : 0 ¤¤¤

    ¤¤¤ MBR Überprüfung : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM014-1EJ164 +++++
    --- User ---
    [MBR] cf1626c9ab7604c27e15cc87ea822b09
    [BSP] f7f54c70c21550c458c39f101feb9b57 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2107392 | Size: 920160 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1886595072 | Size: 17408 MB
    5 - [SYSTEM][HIDDEN!][READONLY][MAN-MOUNT] Basic data partition | Offset (sectors): 1922246656 | Size: 15272 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  9. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Hi, I have completed Malwarebytes. Mwb did not ask for a restart but I did it manually anyway. When it came up again, about five windows popped up. Unfortunately, I could not copy the text. All of them said something like:
    "Error. The script cannot be executed. Undefined value. Would you like to continue to execute the script? Yes - No" I always pressed "No", since I assumed that an undefined value makes a script unexecutable anyway.
    The undefined values referred to the ACER hive on C:/
    Then there was one extra window popping up saying that "an application is delaying the opening of the browser. Would you like to continue to execute the application? Yes - No" I pressed No. Strange, since I had not started any browser.

    It might be of interest that when Malwarebytes found something some days ago, it seemed to be related to the Internet Explorer browser. So after Mwb had deleted what it had quarantined, I disconnected the IE browser so that it would not be able to connect to the Internet. I am using Mozilla Firefox anyway, never liked IE.

    Here are the two reports from Malwarebytes:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 27.03.2016
    Scan Time: 03:42
    Logfile: Malewarebytes log 27 March 2016.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.03.27.01
    Rootkit Database: v2016.03.12.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Florian Robert

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 366297
    Time Elapsed: 1 hr, 9 min, 5 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Here is the second one:

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 27.03.2016 03:36, SYSTEM, FLORIAN, Manual, Remediation Database, 2016.3.18.1, 2016.3.24.1,
    Update, 27.03.2016 03:36, SYSTEM, FLORIAN, Manual, IP Database, 2016.3.17.1, 2016.3.21.3,
    Update, 27.03.2016 03:36, SYSTEM, FLORIAN, Manual, Domain Database, 2016.3.19.1, 2016.3.27.2,
    Update, 27.03.2016 03:37, SYSTEM, FLORIAN, Manual, Malware Database, 2016.3.20.2, 2016.3.27.1,
    Update, 27.03.2016 03:38, SYSTEM, FLORIAN, Manual, program, 2.2.0.1024, 2.2.1.0,
    Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malware Protection, Starting,
    Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malware Protection, Started,
    Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Starting,
    Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Started,
    Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, Remediation Database, 2016.2.12.1, 2016.3.24.1,
    Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, Rootkit Database, 2016.2.8.1, 2016.3.12.1,
    Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, Domain Database, 2016.2.16.8, 2016.3.27.2,
    Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, IP Database, 2016.2.8.1, 2016.3.21.3,
    Update, 27.03.2016 03:42, SYSTEM, FLORIAN, Manual, Malware Database, 2016.2.16.6, 2016.3.27.1,
    Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Refresh, Starting,
    Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Stopping,
    Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Stopped,
    Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Refresh, Success,
    Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Starting,
    Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Started,
    Scan, 27.03.2016 04:52, SYSTEM, FLORIAN, Manual, Start:27.03.2016 03:42, Duration:1 hr 9 min 5 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

    (end)

    I will continue now with AdwCleaner.
    Thank you again for taking the time on Easter Sunday!
     
  10. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Hello, AdwCleaner is done. It restarted the system and a window popped up:
    "The Server is busy/overloaded. In order to solve this issue click on 'Go to application'." There was another button: "Repeat". I clicked on neither and after about 10 seconds the window disappeared.
    Here is the AdwCleaner report:
    # AdwCleaner v5.105 - Bericht erstellt am 27/03/2016 um 05:32:58
    # Aktualisiert am 21/03/2016 von Xplode
    # Datenbank : 2016-03-26.1 [Server]
    # Betriebssystem : Windows 8.1 (x64)
    # Benutzername : Florian Robert - FLORIAN
    # Gestartet von : C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
    # Option : Löschen
    # Unterstützung : http://toolslib.net/forum

    ***** [ Dienste ] *****


    ***** [ Ordner ] *****

    [-] Ordner Gelöscht : C:\Genesis
    [-] Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
    [-] Ordner Gelöscht : C:\ProgramData\Viewpoint
    [-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis
    [-] Ordner Gelöscht : C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform
    [-] Ordner Gelöscht : C:\Users\Florian Robert\Documents\ppt
    [#] Ordner Gelöscht : C:\Windows\SysNative\Tasks\SweetLabs App Platform

    ***** [ Dateien ] *****

    [-] Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    [-] Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    [-] Datei Gelöscht : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
    [-] Datei Gelöscht : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    [-] Datei Gelöscht : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

    ***** [ DLLs ] *****


    ***** [ Verknüpfungen ] *****


    ***** [ Aufgabenplanung ] *****

    [-] Geplante Aufgabe Gelöscht : SweetLabs App Platform

    ***** [ Registrierungsdatenbank ] *****

    [-] Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
    [-] Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
    [-] Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
    [-] Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    [-] Schlüssel Gelöscht : HKCU\Software\Classes\pokki
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    [-] Schlüssel Gelöscht : HKCU\Software\DAILYPCCLEAN
    [-] Schlüssel Gelöscht : HKCU\Software\IM
    [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Tinstalls
    [-] Schlüssel Gelöscht : HKCU\Software\OCS
    [-] Schlüssel Gelöscht : HKCU\Software\powerpack
    [-] Schlüssel Gelöscht : HKCU\Software\SweetLabs App Platform
    [-] Schlüssel Gelöscht : HKCU\Software\WEBAPP
    [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
    [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    [-] Schlüssel Gelöscht : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\SweetLabs App Platform
    [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    [-] Wert Gelöscht : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

    ***** [ Internetbrowser ] *****

    [-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
    [-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=22079&r=2015/02/22&hid=13470389669579871766&lg=EN&cc=DE&unqvl=82&l=1&q=");
    [-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.order.1", "WebSearch");
    [-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
    [-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.selectedEngine", "WebSearch");
    [-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");

    *************************

    :: "Tracing" Schlüssel gelöscht
    :: Winsock Einstellungen zurückgesetzt

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [5621 Bytes] - [27/03/2016 05:32:58]
    C:\AdwCleaner\AdwCleaner[R0].txt - [3207 Bytes] - [02/02/2015 06:51:06]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6720 Bytes] - [27/03/2016 05:25:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5840 Bytes] ##########
    I will continue now with Junkware Removal Tool.
     
  11. Florian

    Florian TS Rookie Topic Starter Posts: 29

    I just saw that there is a second report in the AdwCleaner directory.

    # AdwCleaner v5.105 - Bericht erstellt am 27/03/2016 um 05:25:43
    # Aktualisiert am 21/03/2016 von Xplode
    # Datenbank : 2016-03-26.1 [Server]
    # Betriebssystem : Windows 8.1 (x64)
    # Benutzername : Florian Robert - FLORIAN
    # Gestartet von : C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
    # Option : Suchlauf
    # Unterstützung : http://toolslib.net/forum

    ***** [ Dienste ] *****


    ***** [ Ordner ] *****

    Ordner Gefunden : C:\Genesis
    Ordner Gefunden : C:\Program Files (x86)\Viewpoint
    Ordner Gefunden : C:\ProgramData\Viewpoint
    Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis
    Ordner Gefunden : C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform
    Ordner Gefunden : C:\Users\Florian Robert\Documents\ppt
    Ordner Gefunden : C:\Windows\SysNative\Tasks\SweetLabs App Platform

    ***** [ Dateien ] *****

    Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    Datei Gefunden : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
    Datei Gefunden : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    Datei Gefunden : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

    ***** [ DLL ] *****


    ***** [ Verknüpfungen ] *****


    ***** [ Aufgabenplanung ] *****

    Geplante Aufgabe Gefunden : SweetLabs App Platform

    ***** [ Registrierungsdatenbank ] *****

    Schlüssel Gefunden : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
    Schlüssel Gefunden : HKCU\Software\Classes\Directory\shell\pokki
    Schlüssel Gefunden : HKCU\Software\Classes\Drive\shell\pokki
    Schlüssel Gefunden : HKCU\Software\Classes\lnkfile\shell\pokki
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Schlüssel Gefunden : HKCU\Software\Classes\pokki
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Classes\pokki
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Schlüssel Gefunden : HKCU\Software\DAILYPCCLEAN
    Schlüssel Gefunden : HKCU\Software\IM
    Schlüssel Gefunden : HKCU\Software\Microsoft\Tinstalls
    Schlüssel Gefunden : HKCU\Software\OCS
    Schlüssel Gefunden : HKCU\Software\powerpack
    Schlüssel Gefunden : HKCU\Software\SweetLabs App Platform
    Schlüssel Gefunden : HKCU\Software\WEBAPP
    Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
    Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\DAILYPCCLEAN
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\IM
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Tinstalls
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\OCS
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\powerpack
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\SweetLabs App Platform
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\WEBAPP
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
    Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
    Wert Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

    ***** [ Internetbrowser ] *****

    [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");
    [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=22079&r=2015/02/22&hid=13470389669579871766&lg=EN&cc=DE&unqvl=82&l=1&q=");
    [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.order.1", "WebSearch");
    [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.order.1,S", "WebSearch");
    [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.selectedEngine", "WebSearch");
    [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");

    *************************

    C:\AdwCleaner\AdwCleaner[R0].txt - [3207 Bytes] - [02/02/2015 06:51:06]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6564 Bytes] - [27/03/2016 05:25:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6637 Bytes] ##########
     
  12. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Good morning, I completed JRT.exe scan and here are the results:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.4 (03.14.2016)
    Operating System: Windows 8.1 x64
    Ran by Florian Robert (Administrator) on 27.03.2016 at 5:55:32,89
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 3

    Successfully deleted: C:\Users\Florian Robert\AppData\Local\pdfforge (Folder)
    Successfully deleted: C:\Users\Florian Robert\AppData\Roaming\pdfforge (Folder)
    Successfully deleted: C:\Windows\wininit.ini (File)



    Registry: 2

    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 27.03.2016 at 5:58:28,52
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Thank you for your advice. Since we are separated by 8-9 hours, I will patiently wait for your next instructions.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  14. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Hi Broni, I am writing to you from my smartphone since the following happened:
    I started my notebook and it behaved 'normal' until the desktop came up. There, it did not show all icons but some that are white / blank. I waited several minutes but nothing seemed to move.
    Then I clicked on the Mozilla icon (normal) and nothing happened. I waited some minutes and repeated. Still nothing. Then I decided to restart.
    But the Windows start tile in the lower left corner did not react / did not show the menu at a right click. Instead, it opened the tile style desktop but without any tiles visible.
    The mouse can be moved but except for the start tile in the lower left corner there is nothing to click on. The screen shows my normal background picture.
    I tried to open the task manager with Ctrl+Alt+Del but no reaction.
    I also can't shut down by pressing the on/off button on the outside frame of my notebook.
    Any idea?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Try to remove battery.
     
  16. Florian

    Florian TS Rookie Topic Starter Posts: 29

    The battery seems to be well secured, i.e. I don't have the right screwdrivers to release the screws. Since the battery was relatively full, it will take several hours until it shuts down itself.
    When I restart (with just enough energy), what should I do?
    Press a certain key combination during booting?
    Or 'hope' that it will boot fully?
    Thanks for your help!
     
  17. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Let's hope it'll boot normally.
     
  18. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Good morning, finally, the battery died and I could fully boot this time.
    Here is FRST.txt part 1
    Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    durchgeführt von Florian Robert (Administrator) auf FLORIAN (28-03-2016 02:37:01)
    Gestartet von C:\Users\Florian Robert\Desktop
    Geladene Profile: Florian Robert (Verfügbare Profile: Florian Robert)
    Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
    Internet Explorer Version 11 (Standard-Browser: FF)
    Start-Modus: Normal
    Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Prozesse (Nicht auf der Ausnahmeliste) =================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (AOL Inc.) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
    (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
    (Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE


    ==================== Registry (Nicht auf der Ausnahmeliste) ===========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688984 2013-09-29] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
    HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1409474061\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
    HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
    HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
    HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {6f730b64-3e72-11e4-826a-083e8eee820c} - "D:\LGAutoRun.exe"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775b79-2f9b-11e4-825e-c4544477a64a} - "D:\EasySuite.exe"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775bc4-2f9b-11e4-825e-c4544477a64a} - "E:\EasySuite.exe"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-09] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-03-08]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-08]
    ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

    ==================== Internet (Nicht auf der Ausnahmeliste) ====================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

    Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{04133109-4254-4054-9646-F72C15C37638}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
    BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
    BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei

    FireFox:
    ========
    FF ProfilePath: C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-21] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-21] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-499248853-3292403601-2203723613-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Florian Robert\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
    FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-12-18]
    FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [ist nicht signiert]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-09]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-09]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]

    ==================== Dienste (Nicht auf der Ausnahmeliste) ========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
    R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [157344 2015-12-03] (Intel(R) Corporation)
    R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [486048 2015-12-03] (Intel(R) Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
    R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-01-18] (Acer Incorporate)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-04] (Acer Incorporate)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-04] (Acer Incorporate)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
    S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-01] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-20] (AVAST Software)
    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2013-09-07] (Broadcom Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-16] (Acer Incorporated)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-27] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
    R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
    S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
    S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
    R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-16] (Acer Incorporated)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-27] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
     
  19. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Hi, here is FRST.txt part 2:
    ==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


    ==================== Ein Monat: Erstellte Dateien und Ordner ========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

    2016-03-27 05:58 - 2016-03-27 05:58 - 00001044 _____ C:\Users\Florian Robert\Desktop\JRT.txt
    2016-03-27 04:54 - 2016-03-27 04:54 - 00002127 _____ C:\Users\Florian Robert\Desktop\Malewarebytes daily protectionlog 27 March 2016.txt
    2016-03-27 04:53 - 2016-03-27 04:53 - 00001077 _____ C:\Users\Florian Robert\Desktop\Malewarebytes log 27 March 2016.txt
    2016-03-27 01:54 - 2016-03-27 01:54 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-03-27 01:51 - 2016-03-27 03:31 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-03-26 13:17 - 2016-03-26 13:24 - 145834032 _____ (Sophos Limited) C:\Users\Florian Robert\Desktop\Sophos Virus Removal Tool.exe
    2016-03-26 13:17 - 2016-03-26 13:17 - 00448512 _____ (OldTimer Tools) C:\Users\Florian Robert\Desktop\TFC.exe
    2016-03-26 13:16 - 2016-03-26 13:16 - 00899584 _____ (Farbar) C:\Users\Florian Robert\Desktop\FSS.exe
    2016-03-26 13:15 - 2016-03-26 13:15 - 00852798 _____ C:\Users\Florian Robert\Desktop\SecurityCheck.exe
    2016-03-26 07:26 - 2016-03-26 07:31 - 00061095 _____ C:\Users\Florian Robert\Desktop\Addition.txt
    2016-03-26 07:24 - 2016-03-28 02:38 - 00023855 _____ C:\Users\Florian Robert\Desktop\FRST.txt
    2016-03-26 07:24 - 2016-03-28 02:37 - 00000000 ____D C:\FRST
    2016-03-26 06:32 - 2016-03-26 06:32 - 02374144 _____ (Farbar) C:\Users\Florian Robert\Desktop\FRST64.exe
    2016-03-26 06:10 - 2016-03-26 06:10 - 19655240 _____ C:\Users\Florian Robert\Desktop\RogueKiller.exe
    2016-03-26 05:53 - 2016-03-26 05:53 - 01530368 _____ C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
    2016-03-26 05:45 - 2016-03-26 05:45 - 01610352 _____ (Malwarebytes) C:\Users\Florian Robert\Desktop\JRT.exe
    2016-03-26 05:20 - 2016-03-26 05:20 - 06868672 _____ (Piriform Ltd) C:\Users\Florian Robert\Downloads\ccsetup516.exe
    2016-03-24 04:40 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-03-24 04:40 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-03-24 04:40 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-03-24 04:40 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-03-24 04:40 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-03-24 04:40 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-03-24 04:39 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2016-03-24 04:39 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
    2016-03-24 04:39 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2016-03-24 04:39 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2016-03-24 04:39 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
    2016-03-24 04:39 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2016-03-24 04:39 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2016-03-24 04:39 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
    2016-03-24 04:39 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2016-03-24 04:39 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2016-03-24 04:39 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2016-03-24 04:39 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2016-03-24 04:39 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2016-03-24 04:36 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-03-24 04:36 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-03-24 04:36 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-03-24 04:36 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-03-24 04:36 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2016-03-24 04:36 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-03-24 04:36 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
    2016-03-24 04:36 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2016-03-24 04:36 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-03-24 04:36 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
    2016-03-24 04:36 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
    2016-03-24 04:36 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
    2016-03-24 04:36 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
    2016-03-24 04:36 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
    2016-03-24 04:36 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
    2016-03-24 04:36 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
    2016-03-24 04:36 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-03-24 04:36 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
    2016-03-24 04:36 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
    2016-03-24 04:36 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-03-24 04:36 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
    2016-03-24 04:36 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
    2016-03-24 04:36 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
    2016-03-24 04:36 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
    2016-03-24 04:36 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2016-03-24 04:36 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2016-03-24 04:36 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
    2016-03-24 04:36 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
    2016-03-24 04:36 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
    2016-03-24 04:36 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2016-03-24 04:36 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
    2016-03-24 04:36 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
    2016-03-24 04:36 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
    2016-03-24 04:36 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
    2016-03-24 04:36 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
    2016-03-24 04:36 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2016-03-24 04:36 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2016-03-24 04:36 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2016-03-24 04:33 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
    2016-03-24 04:33 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
    2016-03-24 04:32 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
    2016-03-24 04:32 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
    2016-03-24 04:31 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-03-24 04:31 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-03-24 04:31 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-03-24 04:31 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-03-24 04:31 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-03-24 04:31 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-03-24 04:31 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-03-24 04:31 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2016-03-24 04:31 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2016-03-24 04:31 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2016-03-24 04:31 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2016-03-24 04:31 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2016-03-24 04:31 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2016-03-24 04:31 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2016-03-24 04:31 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2016-03-24 04:31 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2016-03-24 04:31 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2016-03-23 03:50 - 2016-03-23 04:12 - 00003068 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458719394
    2016-03-23 03:50 - 2016-03-23 04:12 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-03-23 03:50 - 2016-03-23 03:50 - 00001057 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-03-23 03:48 - 2016-03-23 03:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-03-22 05:52 - 2016-03-22 05:52 - 00000562 _____ C:\Users\Florian Robert\Downloads\Stealth Trader v2.6.0.msi
    2016-03-12 07:46 - 2016-03-12 07:46 - 00001309 _____ C:\Malewarebytes log 12 March 2016.txt
    2016-03-10 04:38 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-03-10 04:38 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-03-10 04:38 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2016-03-10 04:38 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
    2016-03-10 04:38 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2016-03-10 04:38 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
    2016-03-10 04:38 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-03-10 04:38 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-03-10 04:38 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-03-10 04:38 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2016-03-10 04:38 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-03-10 04:38 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-03-10 04:38 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-03-10 04:38 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-03-10 04:38 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-03-10 04:38 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-03-10 04:38 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-03-10 04:38 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-03-10 04:38 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-03-10 04:38 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-03-10 04:38 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-03-10 04:38 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-03-10 04:38 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-03-10 04:38 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-03-10 04:38 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2016-03-10 04:38 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-03-10 04:38 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-03-10 04:38 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-03-10 04:38 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-03-10 04:38 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-03-10 04:38 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-03-10 04:38 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-03-10 04:38 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-03-10 04:38 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2016-03-10 04:38 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-03-10 04:38 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-03-10 04:38 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-03-10 04:38 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-03-10 04:38 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2016-03-10 04:38 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2016-03-10 04:37 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-03-10 04:33 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-03-10 04:33 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-03-10 04:33 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2016-03-10 04:33 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-03-10 04:33 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-03-10 04:33 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-03-10 04:33 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-03-10 04:33 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-03-10 04:33 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-03-10 04:33 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-03-10 04:33 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-03-10 04:33 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-03-10 04:33 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
    2016-03-10 04:33 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-03-10 04:33 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-03-10 04:33 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-03-10 04:33 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-03-10 04:33 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2016-03-10 04:33 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-03-10 04:33 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-03-10 04:32 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
    2016-03-10 04:32 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
    2016-03-10 04:32 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-03-10 04:32 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-03-10 04:31 - 2016-01-31 15:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2016-03-10 04:30 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-03-10 04:30 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-03-10 04:30 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-03-10 04:30 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-03-10 04:30 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-03-10 04:29 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
    2016-03-10 04:29 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
    2016-03-09 02:58 - 2016-03-09 02:58 - 00001238 _____ C:\Malewarebytes log 09 March 2016.txt
    2016-03-08 17:17 - 2016-03-08 17:17 - 00001220 _____ C:\Malewarebytes log 08 March 2016.txt
    2016-03-08 16:25 - 2016-03-27 03:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-03-08 16:24 - 2016-03-27 03:39 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-03-08 16:24 - 2016-03-27 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-03-08 16:24 - 2016-03-27 03:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-03-08 16:24 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-03-08 16:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-03-08 16:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-03-08 16:16 - 2016-03-08 16:17 - 22908888 _____ (Malwarebytes ) C:\Users\Florian Robert\Downloads\mbam-setup-2.2.0.1024.exe
    2016-03-08 09:02 - 2016-03-08 09:03 - 00013824 ___SH C:\Users\Florian Robert\Desktop\Thumbs.db
    2016-03-08 09:01 - 2016-03-08 09:01 - 00000000 ____D C:\Users\Florian Robert\Documents\ProcAlyzer Dumps
    2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\Program Files (x86)\Windows Kits
    2016-03-07 11:05 - 2016-03-07 11:05 - 00000000 ____D C:\Users\Florian Robert\Documents\Avast Config
    2016-03-07 05:12 - 2015-07-05 14:49 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20160307-041220.backup
    2016-03-06 18:52 - 2016-03-07 10:04 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\app
    2016-03-06 12:56 - 2016-03-08 17:22 - 00001916 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
    2016-03-06 11:54 - 2016-03-06 11:54 - 01806364 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-03-04 11:42 - 2016-03-04 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotto Architect 2.2

    ==================== Ein Monat: Geänderte Dateien und Ordner ========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

    2016-03-28 02:36 - 2015-12-06 04:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-03-28 02:36 - 2014-09-12 10:36 - 00000000 ____D C:\Users\Florian Robert\OneDrive
    2016-03-28 02:35 - 2015-06-26 05:39 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-28 02:35 - 2014-08-29 12:55 - 00000000 ____D C:\Users\Florian Robert
    2016-03-28 02:34 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-27 12:27 - 2014-08-29 13:01 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-499248853-3292403601-2203723613-1001
    2016-03-27 12:23 - 2014-09-10 11:17 - 00000344 _____ C:\Windows\lgfwup.ini
    2016-03-27 12:22 - 2014-09-10 11:17 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
    2016-03-27 07:06 - 2016-02-23 12:42 - 00000632 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
    2016-03-27 06:51 - 2016-02-23 12:42 - 00000728 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
    2016-03-27 06:46 - 2016-02-10 20:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-03-27 06:44 - 2015-06-26 05:39 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-27 06:28 - 2014-05-30 00:22 - 00784836 _____ C:\Windows\system32\perfh007.dat
    2016-03-27 06:28 - 2014-05-30 00:22 - 00165004 _____ C:\Windows\system32\perfc007.dat
    2016-03-27 06:28 - 2014-03-18 06:03 - 01814802 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-03-27 06:28 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
    2016-03-27 05:35 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-03-27 05:32 - 2015-02-02 06:49 - 00000000 ____D C:\AdwCleaner
    2016-03-26 07:48 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
    2016-03-26 06:25 - 2014-09-10 08:16 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\CrashDumps
    2016-03-26 05:29 - 2014-09-15 10:32 - 00000000 ____D C:\Users\Florian Robert\Documents\Registry changes log
    2016-03-26 05:21 - 2015-05-18 04:03 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-03-26 04:45 - 2014-04-24 21:06 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\system32\GWX
    2016-03-24 04:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
    2016-03-24 04:50 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-03-24 01:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-03-23 14:16 - 2016-02-23 12:42 - 00003744 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001
    2016-03-23 14:16 - 2016-02-23 12:42 - 00003648 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001
    2016-03-23 03:47 - 2014-11-20 09:13 - 00000000 ____D C:\Program Files\AVAST Software
    2016-03-23 03:47 - 2014-11-20 09:12 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-03-22 13:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-03-22 05:29 - 2014-09-06 04:27 - 00000000 ____D C:\Users\Florian Robert\Documents\Outlook-Dateien
    2016-03-21 07:25 - 2014-08-29 12:56 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\Packages
    2016-03-21 04:58 - 2014-11-18 12:53 - 00000891 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2016-03-21 04:56 - 2016-02-12 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-03-21 04:53 - 2016-02-10 20:35 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-03-17 17:57 - 2014-09-12 11:02 - 00000000 ____D C:\Users\Florian Robert\AppData\Roaming\Skype
    2016-03-16 10:22 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-03-16 10:17 - 2014-08-30 05:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-03-15 12:42 - 2014-08-31 04:54 - 00000054 _____ C:\Windows\NavWin.INI
    2016-03-12 09:19 - 2014-11-20 09:14 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2016-03-12 09:19 - 2014-11-20 09:14 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2016-03-12 08:39 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-10 05:08 - 2013-08-22 10:44 - 00381504 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-03-10 05:05 - 2015-04-15 05:40 - 00000000 ____D C:\Windows\system32\appraiser
    2016-03-10 04:43 - 2014-09-05 02:25 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-03-10 04:43 - 2014-09-05 02:25 - 00000000 ____D C:\Windows\system32\MRT
    2016-03-08 17:23 - 2015-11-29 05:50 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-03-08 17:23 - 2015-09-14 13:23 - 00000778 _____ C:\Users\Public\Desktop\System Advisor Model (x64).lnk
    2016-03-08 17:23 - 2015-07-20 03:02 - 00002643 _____ C:\Users\Public\Desktop\Stealth Trader v2.5.3.lnk
    2016-03-08 17:23 - 2015-06-26 05:41 - 00002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2016-03-08 17:23 - 2014-12-23 13:07 - 00000890 _____ C:\Users\Public\Desktop\PDFCreator.lnk
    2016-03-08 17:23 - 2014-11-20 09:15 - 00002022 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-03-08 17:23 - 2014-11-04 13:38 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2016-03-08 17:23 - 2014-10-29 13:25 - 00001862 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2016-03-08 17:23 - 2014-10-29 13:01 - 00001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-03-08 17:23 - 2014-10-29 13:01 - 00001349 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-03-08 17:23 - 2014-10-19 06:43 - 00002745 _____ C:\Users\Public\Desktop\MarginCalculator.exe.lnk
    2016-03-08 17:23 - 2014-09-15 07:11 - 00000999 _____ C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
    2016-03-08 17:23 - 2014-09-02 02:14 - 00001778 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2016-03-08 17:23 - 2014-09-02 02:13 - 00001712 _____ C:\Users\Public\Desktop\Recuva.lnk
    2016-03-08 17:23 - 2014-08-31 04:53 - 00001735 _____ C:\Users\Public\Desktop\Trade Navigator.lnk
    2016-03-08 17:23 - 2014-08-31 04:46 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-03-08 17:23 - 2014-08-31 04:46 - 00001117 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-03-08 17:23 - 2014-08-31 04:35 - 00000918 _____ C:\Users\Public\Desktop\AOL 9.0 VR.lnk
    2016-03-08 17:23 - 2014-05-29 15:41 - 00001245 _____ C:\Users\Public\Desktop\Help and Support.lnk
    2016-03-08 17:23 - 2014-04-24 21:14 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2016-03-08 17:22 - 2016-02-23 12:42 - 00002623 _____ C:\Users\Florian Robert\Desktop\GoToMeeting Quick Connect.lnk
    2016-03-08 17:22 - 2015-01-07 07:11 - 00001647 _____ C:\Users\Florian Robert\Desktop\Canon MG3500 series Printer (LAMBARENE) - Verknüpfung.lnk
    2016-03-08 17:22 - 2014-11-09 11:02 - 00001458 _____ C:\Users\Florian Robert\Desktop\gimp-2.8.exe - Verknüpfung.lnk
    2016-03-08 17:22 - 2014-10-22 04:41 - 00002321 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert.lnk
    2016-03-08 17:22 - 2014-10-22 04:41 - 00002271 _____ C:\Users\Florian Robert\Desktop\Convert.lnk
    2016-03-08 17:22 - 2014-10-15 11:17 - 00003099 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
    2016-03-08 17:22 - 2014-09-15 07:11 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
    2016-03-08 17:22 - 2014-09-15 03:25 - 00001176 _____ C:\Users\Florian Robert\Desktop\Genie Media Servers (Lambarene[Windows]) - Verknüpfung.lnk
    2016-03-08 17:22 - 2014-08-29 12:56 - 00001276 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
    2016-03-08 17:22 - 2014-08-29 12:55 - 00000469 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2016-03-08 17:22 - 2014-08-29 12:55 - 00000467 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2016-03-08 17:20 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
    2016-03-08 03:00 - 2015-10-15 03:25 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-03-08 03:00 - 2015-10-15 03:25 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-03-07 10:37 - 2014-12-29 04:35 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\PDFCreator
    2016-03-04 03:58 - 2014-10-29 13:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-03-01 04:30 - 2014-11-20 09:14 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

    ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

    2014-06-20 09:30 - 2014-06-20 09:30 - 0005293 _____ () C:\Users\Florian Robert\AppData\Roaming\Margin.ini
    2014-11-18 12:23 - 2014-12-10 13:45 - 0007168 _____ () C:\Users\Florian Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-09 05:57 - 2015-02-09 05:57 - 0001610 _____ () C:\Users\Florian Robert\AppData\Local\recently-used.xbel
    2015-08-14 03:04 - 2015-08-14 03:04 - 0007605 _____ () C:\Users\Florian Robert\AppData\Local\Resmon.ResmonCfg
    2014-05-29 15:11 - 2014-05-29 15:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Einige Dateien in TEMP:
    ====================
    C:\Users\Florian Robert\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Florian Robert\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

    C:\Windows\system32\winlogon.exe => Datei ist digital signiert
    C:\Windows\system32\wininit.exe => Datei ist digital signiert
    C:\Windows\explorer.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
    C:\Windows\system32\svchost.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
    C:\Windows\system32\services.exe => Datei ist digital signiert
    C:\Windows\system32\User32.dll => Datei ist digital signiert
    C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
    C:\Windows\system32\userinit.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
    C:\Windows\system32\rpcss.dll => Datei ist digital signiert
    C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
    C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
    C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


    LastRegBack: 2016-03-25 11:05

    ==================== Ende von FRST.txt ============================
     
  20. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Here is Addition.txt, Part 1:
    Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    durchgeführt von Florian Robert (2016-03-28 02:40:16)
    Gestartet von C:\Users\Florian Robert\Desktop
    Windows 8.1 (X64) (2014-08-29 16:55:45)
    Start-Modus: Normal
    ==========================================================


    ==================== Konten: =============================

    Administrator (S-1-5-21-499248853-3292403601-2203723613-500 - Administrator - Disabled)
    Florian Robert (S-1-5-21-499248853-3292403601-2203723613-1001 - Administrator - Enabled) => C:\Users\Florian Robert
    Gast (S-1-5-21-499248853-3292403601-2203723613-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-499248853-3292403601-2203723613-1005 - Limited - Enabled)

    ==================== Sicherheits-Center ========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installierte Programme ======================

    (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

    7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
    abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
    abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
    abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.02.2002 - Acer Incorporated)
    abFiles Shell Extension (HKLM-x32\...\{0E1996B9-B733-4096-8FD7-239850ED0B2A}) (Version: 2.00.3001 - Acer Incorporated)
    abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
    Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
    Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8103 - Acer Incorporated)
    Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3010 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
    Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
    Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
    Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.103.2020.206 - Alps Electric)
    AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - )
    AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
    AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
    eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
    FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
    GenesisDependencyInstaller (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\1d1c516df34faca9) (Version: 3.2.1.40 - Microsoft)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
    GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
    Intel(R) Technology Access (HKLM-x32\...\{2ff1a4b2-d080-4abd-a571-d0cef9664790}) (Version: 1.7.0.1011 - Intel Corporation)
    Intel(R) Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
    Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
    Joulemeter (HKLM-x32\...\{E043568C-1745-4C69-9D52-43F6E79EB03B}) (Version: 1.2.0 - Microsoft Research)
    LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
    MainConceptDemoCodecs (HKLM-x32\...\{587CC611-95FA-442B-852D-A9B0DEC5C09B}) (Version: 1.01.0000 - Kummert GmbH)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MarginCalculator (HKLM-x32\...\{07292B57-7EEB-4C68-8353-F2C03F6743E0}) (Version: 2.00.14000 - Eurex)
    Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
    NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
    NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
    Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
    SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
    SAM 2015.6.30 (HKLM\...\{4A0EDADE-6CE6-4CB4-907E-1401911B4D6D}_is1) (Version: - National Renewable Energy Laboratory)
    Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Stealth Trader (HKLM-x32\...\{CE6E1500-5269-43C4-A27F-7EF642F806B1}) (Version: 2.5.3 - Epcylon Technologies, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
    Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
    Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
    Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
    Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
    WinnaLotto (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
    YouCam (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden

    ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    Task: {043C04C0-912E-448F-9516-625F063EBDE9} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
    Task: {1983AFC4-A91E-4338-A4E4-40606A7D34C1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
    Task: {1E0C86D9-7717-418B-85BE-2151801B1F08} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
    Task: {2B542F11-20B4-4B91-B8BA-F18531BDBF75} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-01-18] (Acer Incorporate)
    Task: {2C264D81-BE2A-43BB-96C7-5508AA420BDB} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
    Task: {2F02F91C-6817-4DA6-AA8A-AC9905A57956} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
    Task: {351066C4-9910-4753-9921-D875855DB128} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
    Task: {376E85C0-980F-4705-ABCF-32E2A31DE151} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
    Task: {38A47185-4F3D-41B3-839F-9D70B8F405F4} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
    Task: {512A3B5F-7206-42CD-BCEC-D57628D69156} - System32\Tasks\SafeZone scheduled Autoupdate 1458719394 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
    Task: {52ECB692-4B94-458B-8241-D436CFB282D1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
    Task: {53306C79-0E98-4DD7-BFBB-AB4BCDE6BDC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-21] (Adobe Systems Incorporated)
    Task: {612E08FE-7398-4B89-BEEB-C22736E637DF} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
    Task: {647F822C-5494-497D-9126-3EAF611C1AED} - System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6D6C0714-71EC-43F7-BB8A-6BDE5EE97DF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {70E30D3F-7F5A-4465-B3D4-FE57FF72C816} - System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {72CBF039-634D-4EB3-9FF0-D4242D961C7E} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
    Task: {7DD729FA-E5F2-41F1-952E-4EDF5A7BEB26} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
    Task: {81369795-B8A7-4282-AF85-36607ED59EAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {833A8C49-7BA2-47F4-94FB-4EDCDAD6D4C7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
    Task: {84A2C329-5D8A-4F1B-A486-37102291120B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
    Task: {8516AB4D-CDB3-4941-B482-E741EFE1E2F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
    Task: {8911D987-EA05-4426-9260-40C3ABF4013E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
    Task: {8D6A02C4-DF12-4C14-84A5-85855FD8FF32} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
    Task: {91835FDF-0EAA-44AB-A585-48BC7C6DAA76} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
    Task: {9D4AE1C4-0189-4D31-A5B4-B900283B877C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
    Task: {A4587FAC-2F27-40DD-B379-0025AEA88938} - System32\Tasks\Florian Robert DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
    Task: {D7AFA013-901F-4AB8-9104-3ED5E1A2859D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
    Task: {E053A28F-2488-46AE-AF68-51CCA551B9B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
    Task: {E3B3D0C5-6CC1-4960-874E-33A0A8BAC849} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-04] (Microsoft Corporation)
    Task: {F071FE89-9903-4294-96D1-28B3F4B97842} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
    Task: {F512499D-FBA8-4EF0-9B40-1B17B017C409} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-09] (AVAST Software)
    Task: {FC50D263-9778-4E50-AD07-8E43C0153FEF} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Verknüpfungen =============================

    (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

    ==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

    2014-05-29 14:53 - 2014-03-24 08:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-09-06 04:01 - 2012-06-21 01:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
    2013-09-04 14:13 - 2013-09-04 14:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
    2014-08-30 05:26 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-07-07 05:44 - 2015-07-07 05:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
    2015-12-03 07:43 - 2015-12-03 07:43 - 00369824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
    2014-05-29 15:29 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2014-05-29 15:35 - 2014-01-03 08:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
    2013-07-08 12:53 - 2013-07-08 12:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
    2016-02-09 09:18 - 2016-02-09 09:18 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-02-09 09:18 - 2016-02-09 09:18 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-03-27 06:24 - 2016-03-27 06:24 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16032701\algo.dll
    2016-02-09 09:18 - 2016-02-09 09:18 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-03-28 02:36 - 2016-03-28 02:36 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16032702\algo.dll
    2014-10-29 13:00 - 2014-05-13 07:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-10-29 13:00 - 2014-05-13 07:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-10-29 13:00 - 2014-05-13 07:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-10-29 13:00 - 2012-08-23 05:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-10-29 13:00 - 2012-04-03 12:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2011-03-09 08:21 - 2011-03-09 08:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    2011-03-09 08:21 - 2011-03-09 08:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    2015-12-06 04:21 - 2015-12-06 04:21 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-11-15 06:55 - 2016-02-22 22:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2014-11-15 06:42 - 2016-02-22 22:23 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2015-12-03 10:21 - 2015-12-03 10:21 - 00202456 _____ () C:\Program Files (x86)\Acer\abMedia\curllib.dll
    2015-12-03 10:23 - 2015-12-03 10:23 - 00654000 _____ () C:\Program Files (x86)\Acer\abMedia\sqlite3.dll
    2015-12-03 10:23 - 2015-12-03 10:23 - 00641240 _____ () C:\Program Files (x86)\Acer\abMedia\tag.dll
    2015-12-03 10:23 - 2015-12-03 10:23 - 00119000 _____ () C:\Program Files (x86)\Acer\abMedia\OpenLDAP.dll
    2016-02-05 15:06 - 2016-02-05 15:06 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
    2016-01-14 18:12 - 2016-01-14 18:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
    2016-01-14 18:11 - 2016-01-14 18:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
    2015-11-23 13:44 - 2015-11-23 13:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
    2016-01-19 16:06 - 2016-01-19 16:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
    2016-01-19 16:06 - 2016-01-19 16:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
    2014-05-29 14:55 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


    ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
  21. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Here is Part 2 of Additions.txt:
    ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


    ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

    Da befinden sich 7872 mehr Seiten.



    ==================== Hosts Inhalt: ==========================

    (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

    2013-08-22 09:25 - 2016-03-07 05:12 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts

    Da befinden sich 15471 zusätzliche Einträge.


    ==================== Andere Bereiche ============================

    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall ist aktiviert.

    ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

    HKLM\...\StartupApproved\Run32: => "HostManager"
    HKLM\...\StartupApproved\Run32: => "DBAgent"
    HKLM\...\StartupApproved\Run32: => "FreePDF Assistant"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Uploader"
    HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Spotify Web Helper"

    ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{BE63103F-01FE-4676-8B94-97D7DC811EC5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
    FirewallRules: [{528BC9F1-A002-4ECF-9F06-1A777F61C024}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
    FirewallRules: [{1B781FC7-4111-4EC1-9A81-7C5202337095}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{AEC31969-333F-40C6-A19B-573BC8622596}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{ADEE17FA-9B20-4698-A30F-DF632BAFB8E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{E84B5257-4EA8-4495-ACEE-02B49E7A1E21}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{BA38BBD5-5942-4246-A968-37972E3F5654}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{D57CC8DF-6A80-4F40-B14A-C4EF81BC03C4}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{63FA8E33-7307-4637-96BC-42B4570236AF}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{E283BB9B-4C7F-4707-B7A7-DA251AEB87D7}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{E20EF89D-36B3-4D32-A69B-FE8471EB0BF2}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{518B10CC-5BCE-47F9-8B4A-0FDFF7083F3D}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
    FirewallRules: [{84645464-4B73-4F87-9287-60D56F609122}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
    FirewallRules: [{1A945F5A-9CF6-4649-B28C-B7521349F578}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{A2034403-65A3-4FAC-A780-B83C4837CB90}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{AE7EA85D-1AAD-4E96-8E30-786DEFC31BC0}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{27A73335-38CB-473B-8719-3F89C3588F3C}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{3E062DC1-DBDA-4906-A7AC-EE6B9EAFC95F}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{6D5DB314-940C-4545-A2BC-BBC5CEFA27FC}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{2D2B4A18-FC98-49E3-BADA-F89C6BA5817E}] => (Allow) LPort=8888
    FirewallRules: [{7E5C0E00-F608-4F40-BFE0-58FBA197FE4B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{158D565F-2419-4588-A26F-905FEC645665}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{CFD355E3-DD15-42FE-861A-E0CBE1511910}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{B8CD7291-1844-4BF7-BAC1-0C3C31F20E73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{6B6D5368-7C75-4DC5-8E5C-4019E1D2812D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{DC807A60-CACA-4A62-B954-3839B9656727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{DD59612C-C005-4513-917C-FB78A8A7CA2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DFA8515A-B676-480B-AC7B-5A55E745A4BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A0FB273A-11A8-4A30-8031-F80B0533EF6F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{13CD43FF-4354-414D-9E61-9256B9D034D6}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
    FirewallRules: [{5DBA44E4-BC86-41DF-8656-D5F69171780E}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{23E3590C-EDF8-435A-904C-00B66EBEC9C1}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
    FirewallRules: [{51512AF6-109A-47E4-9291-3DFFD9F28E2A}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{ABC1AD0D-94D6-4C5B-8B21-8880546513CF}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
    FirewallRules: [{439882BE-72FB-49BE-8DCF-76FFEB4DBF54}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{A61CAB5D-CEA7-4199-9163-33190848D109}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
    FirewallRules: [{8D682E05-E80B-4411-A4C0-60CF78AA5D5B}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{6710D04F-8592-44DF-AFF6-6177A73D7BD9}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
    FirewallRules: [{D7ECA97D-7AC5-4D49-AA9C-F53AB9A7AC07}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{08B72412-0F80-4ED1-B85C-851E4B153342}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
    FirewallRules: [{1F4D17B4-4E5D-45A4-B073-E9A1704A8D8D}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{7827D62E-89F8-494E-9B58-37B3A3169CBA}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
    FirewallRules: [{CE064D7C-0584-407A-93DB-BE0062827D51}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{BDF7047E-0755-4460-93AA-8E018DC7C774}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
    FirewallRules: [{1B90EE3C-2C85-44CE-9A9E-E594814EC60F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{4BD0D59F-776D-4236-BD8C-B2897A74A348}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
    FirewallRules: [{406D9472-5134-4699-A54F-6B2D264CCC91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{84FDCAAE-AF87-474E-B31F-6A4C41FB170F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A186846E-3CC9-4BED-B766-FE5DB5012C64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A5A7918D-CCA9-456A-A26F-DC07569C72FB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{C953820C-8A83-4BF2-BF9B-9CD18405DB56}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{6F739AE1-CB87-4BED-BC60-F40E173A7F92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{EB636362-36CF-4239-BE33-6D60C5B21451}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{EA0876E7-7883-435C-9D40-5CE5BE1976DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F4218BE4-F7FD-417A-9319-DF3430D0E989}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{596B9E55-4EC4-4A29-ACB4-5B864FC98E81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5C98BB30-90E6-479A-ABB3-D5F02B8C6E72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{4441C552-9E32-4825-BBA5-1B748024AEEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{48DAB9D6-EF45-40D9-9656-1E780A1BCBA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{57D0ADA1-1D63-445F-ACBD-0371C1A9678E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{974439C0-8264-4F7B-895C-B0DE38038E32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{E92BFC83-C73F-471C-B655-F099F0462C44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{25EE1910-5A61-4F84-AED2-A85043F6E66C}] => (Allow) LPort=8888
    FirewallRules: [{67A2A0FC-70AF-4C6D-B8F0-1A4AAADB8597}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{B4FB5395-208C-403E-A8CF-9F2762F56CFD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{2A4FA544-A387-4176-B193-FD060E9C1BE0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{50D1D61A-778A-4E95-91F7-E8C5E0C2A609}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{EBB9CAED-0AF6-4C08-924C-F9BCE2D018C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{DFA1C554-1F5B-4CAB-BE6B-0E9EE3EB72AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{0792797F-73BB-473F-BAB9-0542A25CCFDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D8D8BCF3-5560-4F80-8550-5D82C194F925}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [TCP Query User{14593135-DE9B-420F-B3D1-94BA9B809274}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{0C1AD51E-92B8-42E7-8D89-9F02D83909BB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{119F7757-D5DB-442B-B993-7C83585F19E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{B9493091-11E9-4366-8515-A74C38418D2C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{C84C1DF6-BAAE-43AB-9118-2F86C848C3EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A97A83AA-91D6-4A0E-9E18-18BBE783D9AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D21911CC-25EC-4D93-B6E4-9E891E24FDF3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{AA4AA449-5FB8-43A7-91F8-76C76F2B7DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{86154076-E317-4026-9051-EAFBC8DE63AB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{A1621378-B077-4F25-A98E-F66E2A0CE46D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{41C79DCC-0ACA-4C75-97A5-E891251C65E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{45D86E81-2142-4956-B5FB-92E62060473A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{B97B6753-C820-4FC3-B638-05C4A6ACB72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{7E618D33-0C92-4AFA-B165-31B81C95278D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DB079ABF-600C-49EF-B69B-6A464D92A006}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{8BC5D5A8-95F2-4741-81D7-C844EF1E878A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1DA4E5A4-59DD-4F2A-B130-8D78E5BCC94B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{98D39DD7-F072-4189-9B1C-9437865A5DE8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D36BB8DD-DC10-4F77-B194-08F80BCA1709}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{73DD00CD-0919-4AF0-B205-6D099A9FFCBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{946CDC96-66DA-455A-A1E8-5AA170CA93D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{69FF58EC-3CE4-4A68-9C60-5835C800D8FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{5EBDDDB7-690F-483D-B869-13B7D02A91F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{6013E745-1042-499D-9D99-B3D33B877D3C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{CFCEBB1F-48AA-440A-A67A-18DF91B569E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{8ABC8A64-70DA-4B4B-BB84-C2DA6E27EB3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{C728CDAA-8B85-4507-909E-472583D73A21}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{D5F9ED46-03B8-495B-A3F5-46DEF918004D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DD6985B1-9CC6-49BB-A13A-04A733229AA1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{020A4680-3E89-446D-B700-0105D6F30E5B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{84FEDEFD-E9D2-4E47-81DE-B233169D0D85}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{BF7088D1-5125-4D2D-B7A9-FB1B491B9AFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{F96413CC-E9C9-4995-AD4D-076D5F71A5E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{88EB3689-CB2A-4F69-AF64-BDC22C035019}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1452F46A-990F-4866-813A-3BE3CEFD6556}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{47368D5A-753D-4930-B7E5-3C1579DC3D7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{1C4F7991-659F-45E5-850B-D35A27D664A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{DA87CF50-5225-40C8-8D73-F41D2053BEE2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1A0CE8E7-6E14-4813-A948-B3C595A59241}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{4BAC57A9-0013-4526-BF17-53D2F42726F0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{B77D79B6-DB55-4513-B5CF-2A532B760D32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{E5230FC5-F456-4228-B6D9-814B5E19B3A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{655279DD-0935-4649-8FD2-8B7A4743490C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A09F8F39-C76E-4360-8AE2-7BDE4B318E86}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{C325ED5F-CF76-453E-9B1B-7C396EDFFA0A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{8A6C666E-715E-4107-9715-30900496197E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{74349A4D-B31B-4AA8-BBB5-63475FC25E92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1C6F77A8-04A7-410B-BD3F-BEE3A1424C55}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{1C5711A9-0EFD-4178-9307-2D7C3DA9450A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{00CD2CA3-24C0-41FA-8551-0573D82880BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{8236F01C-98F5-4CB3-A832-F7FF77D1942A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{51C75DAB-9576-4982-B15A-8B887F7B345A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{A0B098E2-7A24-4325-994C-33B12EB22232}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
    FirewallRules: [{34B73CEA-8E5B-482E-8DFF-5DCA2A8B7EBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [{AE915E69-A811-44CD-92AE-CFE2F151ED91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
    FirewallRules: [TCP Query User{C6A8CDB9-B617-40C1-94BA-54CD7525ADD1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{EECF6088-A320-48E9-A39A-F5051E90BFA6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Wiederherstellungspunkte =========================

    08-03-2016 11:18:04 Intel(R) Technology Access
    11-03-2016 13:48:14 Windows Update
    24-03-2016 04:40:26 Windows Update
    27-03-2016 05:55:39 JRT Pre-Junkware Removal

    ==================== Fehlerhafte Geräte im Gerätemanager =============


    ==================== Fehlereinträge in der Ereignisanzeige: =========================

    Applikationsfehler:
    ==================
    Error: (03/26/2016 07:05:49 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
    Name des fehlerhaften Moduls: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x00068798
    ID des fehlerhaften Prozesses: 0x1848
    Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
    Pfad der fehlerhaften Anwendung: EXCEL.EXE1
    Pfad des fehlerhaften Moduls: EXCEL.EXE2
    Berichtskennung: EXCEL.EXE3
    Vollständiger Name des fehlerhaften Pakets: EXCEL.EXE4
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EXCEL.EXE5

    Error: (03/26/2016 06:25:12 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 45.0.1.5918, Zeitstempel: 0x56e8b7df
    Name des fehlerhaften Moduls: mozglue.dll, Version: 45.0.1.5918, Zeitstempel: 0x56e8a981
    Ausnahmecode: 0x80000003
    Fehleroffset: 0x0000f0ea
    ID des fehlerhaften Prozesses: 0x2510
    Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
    Pfad der fehlerhaften Anwendung: plugin-container.exe1
    Pfad des fehlerhaften Moduls: plugin-container.exe2
    Berichtskennung: plugin-container.exe3
    Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

    Error: (03/26/2016 06:25:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm firefox.exe, Version 45.0.1.5918 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: 1ac4

    Startzeit: 01d187421ddcfd0b

    Endzeit: 366

    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Berichts-ID: fde30c5d-f33c-11e5-86bc-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

    Error: (03/24/2016 05:40:10 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-499248853-3292403601-2203723613-1001}/">.

    Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

    Details:
    Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)

    Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

    Details:
    Die Daten sind unzulässig. 0x8007000d (0x8007000d)

    Error: (03/23/2016 06:27:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Anwendung: Seagate.Dashboard.DASWindowsService.exe
    Frameworkversion: v4.0.30319
    Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
    Ausnahmeinformationen: System.Management.ManagementException
    Stapel:
    bei System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
    bei System.Management.SinkForEventQuery.Cancel()
    bei System.Management.ManagementEventWatcher.Stop()
    bei System.Management.ManagementEventWatcher.Finalize()

    Error: (03/23/2016 03:04:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm CLVIEW.EXE, Version 15.0.4801.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: a00

    Startzeit: 01d18536b95b0d9b

    Endzeit: 18

    Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\CLVIEW.EXE

    Berichts-ID: fcfd7070-f129-11e5-86b2-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

    Error: (03/23/2016 04:12:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: 120

    Startzeit: 01d184d79c1793e8

    Endzeit: 0

    Anwendungspfad: C:\Windows\Explorer.EXE

    Berichts-ID: 34120cd4-f0ce-11e5-86b1-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

    Error: (03/23/2016 04:06:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Programm EXCEL.EXE, Version 15.0.4805.1001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

    Prozess-ID: 85c

    Startzeit: 01d184d8586be741

    Endzeit: 131

    Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE

    Berichts-ID: 290075e0-f0ce-11e5-86b1-c4544477a64a

    Vollständiger Name des fehlerhaften Pakets:

    Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


    Systemfehler:
    =============
    Error: (03/28/2016 02:34:28 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: Das System wurde zuvor am ‎27.‎03.‎2016 um 22:20:58 unerwartet heruntergefahren.

    Error: (03/27/2016 12:26:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

    Error: (03/27/2016 12:22:21 PM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

    Error: (03/27/2016 12:22:21 PM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

    Error: (03/27/2016 12:22:19 PM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

    Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

    Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

    Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

    Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

    Error: (03/27/2016 06:25:01 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
    Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


    CodeIntegrity:
    ===================================
    Date: 2014-11-20 08:00:20.317
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-11-20 07:46:58.286
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Speicherinformationen ===========================

    Prozessor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
    Prozentuale Nutzung des RAM: 24%
    Installierter physikalischer RAM: 8072.27 MB
    Verfügbarer physikalischer RAM: 6075.13 MB
    Summe virtueller Speicher: 9352.27 MB
    Verfügbarer virtueller Speicher: 7131.64 MB

    ==================== Laufwerke ================================

    Drive c: (Acer) (Fixed) (Total:898.59 GB) (Free:691.59 GB) NTFS

    ==================== MBR & Partitionstabelle ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1CCF8D51)

    Partition: GPT.

    ==================== Ende von Addition.txt ============================
     
  22. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Dear Bruni, thanks for your patience. From my limited knowledge I deduce that there is damage to EXCEL and other places. What can I do to "undo" or correct these defects?
    What is your advice?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Not sure what you mean...

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  24. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Ok. Saved your fixlist.txt to my Desktop. Will run FRST now.
     
  25. Florian

    Florian TS Rookie Topic Starter Posts: 29

    Hi Bruni, you wrote:
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    I ran FRST64.exe but there is no "FIX" button. I have four choices: Scan, File search, Registry search and Remove.

    I pressed "Scan" and it generated another FRST.txt file.

    Am I missing something?
     
