Solved Possible Malware/Adware etc infection?

Florian

Good morning to all and Happy Easter!
I am located in Germany, a Computer semi-literate. Some days ago, I noticed weird behaviour, i.e. while browsing the I-net, lots of windows popped up, asking me to install this or that, fake WINDOWS notifications etc. I have AVAST free version and scanned, found some, quarantined and deleted them, used Super-Anti-Spyware free edition, found some, deleted them. Found Malwarebytes-Antimalware, downloaded it and Mw found some more, deleted it. Everything seemed OK. For two days, I have been noticing that my Notebook is very slow; opening standard programs such as EXCEL or WORD takes about one minute.

I read some malware posts on this forum, became a member and downloaded Farbar, JRT.exe, adwcleaner 5.105 and Rogue Killer. But apart from Malwarebytes Anti-Malware, I have only installed Farbar, since I deduced from other posts that running Farbar and posting the two files FRST.txt and Addition.txt is the first step / standard procedure.
What can / should I do now?
Any help is greatly appreciated!
Here is part 1 of FRST.txt. Unfortunately it seems too long as a whole file to post, so I cut it in several parts:


Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Florian Robert (Administrator) auf FLORIAN (26-03-2016 07:24:25)
Gestartet von C:\Users\Florian Robert\Desktop
Geladene Profile: Florian Robert (Verfügbare Profile: Florian Robert)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool:

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Pokki) C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688984 2013-09-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1409474061\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {6f730b64-3e72-11e4-826a-083e8eee820c} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775b79-2f9b-11e4-825e-c4544477a64a} - "D:\EasySuite.exe"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775bc4-2f9b-11e4-825e-c4544477a64a} - "E:\EasySuite.exe"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-03-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-08]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{04133109-4254-4054-9646-F72C15C37638}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-499248853-3292403601-2203723613-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=22079&r=2015/02/22&hid=13470389669579871766&lg=EN&cc=DE&unqvl=82&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499248853-3292403601-2203723613-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Florian Robert\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-12-18]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [157344 2015-12-03] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [486048 2015-12-03] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-01-18] (Acer Incorporate)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-04] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-04] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-20] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2013-09-07] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-16] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-16] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
Sorry but it seems there is a limit of 50,000 characters per message and my files seem too long for that. Here is part 2 of FRST.txt:

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-26 07:24 - 2016-03-26 07:25 - 00025905 _____ C:\Users\Florian Robert\Desktop\FRST.txt
2016-03-26 07:24 - 2016-03-26 07:24 - 00000000 ____D C:\FRST
2016-03-26 06:32 - 2016-03-26 06:32 - 02374144 _____ (Farbar) C:\Users\Florian Robert\Desktop\FRST64.exe
2016-03-26 06:10 - 2016-03-26 06:10 - 19655240 _____ C:\Users\Florian Robert\Desktop\RogueKiller.exe
2016-03-26 05:53 - 2016-03-26 05:53 - 01530368 _____ C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
2016-03-26 05:45 - 2016-03-26 05:45 - 01610352 _____ (Malwarebytes) C:\Users\Florian Robert\Desktop\JRT.exe
2016-03-26 05:20 - 2016-03-26 05:20 - 06868672 _____ (Piriform Ltd) C:\Users\Florian Robert\Downloads\ccsetup516.exe
2016-03-24 04:40 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-24 04:40 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-24 04:40 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-24 04:40 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-24 04:40 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-24 04:40 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-24 04:39 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-03-24 04:39 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-03-24 04:39 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-03-24 04:39 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-03-24 04:39 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-03-24 04:39 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-03-24 04:39 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-03-24 04:39 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-03-24 04:39 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-03-24 04:39 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-03-24 04:39 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-24 04:39 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-03-24 04:39 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-03-24 04:36 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-24 04:36 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-24 04:36 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-03-24 04:36 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-03-24 04:36 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-03-24 04:36 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-24 04:36 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-03-24 04:36 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-03-24 04:36 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-24 04:36 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-03-24 04:36 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-03-24 04:36 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-03-24 04:36 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2016-03-24 04:36 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-03-24 04:36 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-03-24 04:36 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-03-24 04:36 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-24 04:36 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-03-24 04:36 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-03-24 04:36 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-24 04:36 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-03-24 04:36 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-03-24 04:36 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-03-24 04:36 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2016-03-24 04:36 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-03-24 04:36 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-24 04:36 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-03-24 04:36 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-03-24 04:36 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-03-24 04:36 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-03-24 04:36 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-24 04:36 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2016-03-24 04:36 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-03-24 04:36 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-03-24 04:36 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-03-24 04:36 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-24 04:36 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-24 04:36 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-24 04:33 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2016-03-24 04:33 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2016-03-24 04:32 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-03-24 04:32 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2016-03-24 04:31 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-24 04:31 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-24 04:31 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-24 04:31 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-24 04:31 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-24 04:31 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-03-24 04:31 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-24 04:31 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-03-24 04:31 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-03-24 04:31 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-03-24 04:31 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-24 04:31 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-03-24 04:31 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-03-24 04:31 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-03-24 04:31 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-03-24 04:31 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-03-24 04:31 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-03-23 03:50 - 2016-03-23 04:12 - 00003068 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458719394
2016-03-23 03:50 - 2016-03-23 04:12 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 03:50 - 2016-03-23 03:50 - 00001057 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 03:48 - 2016-03-23 03:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-22 05:52 - 2016-03-22 05:52 - 00000562 _____ C:\Users\Florian Robert\Downloads\Stealth Trader v2.6.0.msi
2016-03-12 07:46 - 2016-03-12 07:46 - 00001309 _____ C:\Malewarebytes log 12 March 2016.txt
2016-03-10 04:38 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-10 04:38 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-10 04:38 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-10 04:38 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-10 04:38 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-10 04:38 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-10 04:38 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-10 04:38 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-10 04:38 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-10 04:38 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-10 04:38 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-10 04:38 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-10 04:38 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-10 04:38 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-10 04:38 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-10 04:38 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-10 04:38 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-10 04:38 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-10 04:38 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-10 04:38 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-10 04:38 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-10 04:38 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-10 04:38 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-10 04:38 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-10 04:38 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-10 04:38 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-10 04:38 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-10 04:38 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-10 04:38 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-10 04:38 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-10 04:38 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-10 04:38 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-10 04:38 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-10 04:38 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-10 04:38 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-10 04:38 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-10 04:38 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-10 04:38 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-10 04:38 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-10 04:37 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-10 04:33 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-10 04:33 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-10 04:33 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-10 04:33 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-10 04:33 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-10 04:33 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-10 04:33 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-10 04:33 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-10 04:33 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-10 04:33 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-10 04:33 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-10 04:33 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-10 04:33 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-10 04:33 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-10 04:33 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-10 04:33 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-10 04:33 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-10 04:33 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-10 04:33 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-10 04:33 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-10 04:32 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-10 04:32 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-10 04:32 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-10 04:32 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-10 04:31 - 2016-01-31 15:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-10 04:30 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-10 04:30 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-10 04:30 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-10 04:30 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-10 04:30 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-10 04:29 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-10 04:29 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 02:58 - 2016-03-09 02:58 - 00001238 _____ C:\Malewarebytes log 09 March 2016.txt
2016-03-08 17:17 - 2016-03-08 17:17 - 00001220 _____ C:\Malewarebytes log 08 March 2016.txt
2016-03-08 16:25 - 2016-03-20 03:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-08 16:24 - 2016-03-08 17:23 - 00001072 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-08 16:24 - 2015-10-05 10:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-08 16:24 - 2015-10-05 10:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-08 16:24 - 2015-10-05 10:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-08 16:16 - 2016-03-08 16:17 - 22908888 _____ (Malwarebytes ) C:\Users\Florian Robert\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-08 09:02 - 2016-03-08 09:03 - 00013824 ___SH C:\Users\Florian Robert\Desktop\Thumbs.db
2016-03-08 09:01 - 2016-03-08 09:01 - 00000000 ____D C:\Users\Florian Robert\Documents\ProcAlyzer Dumps
2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-03-07 11:05 - 2016-03-07 11:05 - 00000000 ____D C:\Users\Florian Robert\Documents\Avast Config
2016-03-07 05:12 - 2015-07-05 14:49 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20160307-041220.backup
2016-03-07 04:48 - 2016-03-07 04:48 - 00001244 _____ C:\Windows\wininit.ini
2016-03-06 18:52 - 2016-03-07 10:04 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\app
2016-03-06 12:56 - 2016-03-08 17:22 - 00001916 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2016-03-06 11:54 - 2016-03-06 11:54 - 01806364 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-04 11:42 - 2016-03-04 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotto Architect 2.2
2016-02-26 09:55 - 2016-01-06 14:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-02-26 09:55 - 2015-12-30 17:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-26 09:54 - 2016-01-24 14:19 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-02-26 09:54 - 2016-01-24 14:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-02-26 09:54 - 2016-01-24 07:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-02-26 09:54 - 2016-01-24 07:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-02-26 09:54 - 2016-01-08 21:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-02-26 09:54 - 2016-01-08 21:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-02-26 09:54 - 2016-01-08 21:38 - 00091992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-02-26 09:53 - 2016-01-10 12:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-26 09:53 - 2016-01-10 12:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-02-26 09:53 - 2016-01-06 19:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-02-26 09:53 - 2016-01-06 19:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-02-26 09:53 - 2016-01-06 12:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-02-26 09:53 - 2015-11-19 10:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-02-26 09:53 - 2015-11-19 10:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-02-26 09:52 - 2015-12-30 16:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-02-26 09:52 - 2015-12-20 10:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-02-26 09:52 - 2015-12-20 10:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-02-26 09:52 - 2015-12-20 10:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-02-26 09:51 - 2016-01-05 11:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-02-25 19:00 - 2016-02-25 19:00 - 00000000 ____D C:\Users\Florian Robert\Documents\Test Archive Genesis
2016-02-25 18:52 - 2004-03-09 01:00 - 00132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2016-02-25 18:12 - 2016-02-25 19:05 - 00000000 ____D C:\Users\Florian Robert\Documents\Pages
2016-02-25 18:12 - 2016-02-25 18:12 - 00000000 ____D C:\Users\Florian Robert\Documents\Req
2016-02-25 18:12 - 2016-02-23 11:25 - 00051911 _____ C:\Users\Florian Robert\Documents\Cus00004^242585.ANO
2016-02-25 18:12 - 2016-02-23 11:25 - 00036257 _____ C:\Users\Florian Robert\Documents\Cus00005^242585.ANO
2016-02-25 18:12 - 2016-02-23 11:25 - 00033546 _____ C:\Users\Florian Robert\Documents\Cus00003^242585.ANO
2016-02-25 18:12 - 2016-02-23 11:25 - 00031705 _____ C:\Users\Florian Robert\Documents\Cus00002^242585.ANO
2016-02-25 18:12 - 2016-02-23 11:25 - 00030162 _____ C:\Users\Florian Robert\Documents\Cus00006.CHT
2016-02-25 18:12 - 2016-02-23 11:25 - 00030161 _____ C:\Users\Florian Robert\Documents\Cus00007.CHT
2016-02-25 18:12 - 2016-02-23 11:25 - 00030155 _____ C:\Users\Florian Robert\Documents\Cus00004.CHT
2016-02-25 18:12 - 2016-02-23 11:25 - 00030128 _____ C:\Users\Florian Robert\Documents\Cus00002.CHT
2016-02-25 18:12 - 2016-02-23 11:25 - 00030123 _____ C:\Users\Florian Robert\Documents\Cus00003.CHT
2016-02-25 18:12 - 2016-02-23 11:25 - 00030122 _____ C:\Users\Florian Robert\Documents\Cus00005.CHT
2016-02-25 18:12 - 2016-02-23 11:25 - 00030106 _____ C:\Users\Florian Robert\Documents\Cus00001.CHT
2016-02-25 18:12 - 2016-02-23 11:25 - 00016537 _____ C:\Users\Florian Robert\Documents\Cus00001^242585.ANO
2016-02-25 18:12 - 2016-02-23 11:25 - 00013845 _____ C:\Users\Florian Robert\Documents\Cus00007^242585.ANO
2016-02-25 18:12 - 2016-02-23 11:25 - 00012997 _____ C:\Users\Florian Robert\Documents\Cus00006^242585.ANO
2016-02-25 18:12 - 2016-02-23 11:25 - 00000810 _____ C:\Users\Florian Robert\Documents\Charts.cfg
2016-02-25 18:12 - 2016-01-28 12:27 - 00000959 _____ C:\Users\Florian Robert\Documents\^18168.ANO
2016-02-25 18:12 - 2016-01-23 03:22 - 00001342 _____ C:\Users\Florian Robert\Documents\^239095.ANO
2016-02-25 18:12 - 2016-01-22 05:16 - 00000633 _____ C:\Users\Florian Robert\Documents\^20082.ANO
2016-02-25 18:12 - 2016-01-22 05:08 - 00001334 _____ C:\Users\Florian Robert\Documents\^6826.ANO
2016-02-25 18:12 - 2016-01-22 04:58 - 00000432 _____ C:\Users\Florian Robert\Documents\^4638.ANO
2016-02-25 18:12 - 2016-01-22 04:32 - 00000561 _____ C:\Users\Florian Robert\Documents\^62072.ANO
2016-02-25 18:12 - 2016-01-21 07:23 - 00001263 _____ C:\Users\Florian Robert\Documents\^49875.ANO
2016-02-25 18:12 - 2016-01-20 13:52 - 00000901 _____ C:\Users\Florian Robert\Documents\^17913.ANO
2016-02-25 18:12 - 2016-01-20 13:22 - 00001786 _____ C:\Users\Florian Robert\Documents\^27.ANO
2016-02-25 18:12 - 2016-01-20 12:54 - 00000903 _____ C:\Users\Florian Robert\Documents\^10223.ANO
2016-02-25 18:12 - 2016-01-20 06:14 - 00000837 _____ C:\Users\Florian Robert\Documents\^5827.ANO
2016-02-25 18:12 - 2016-01-19 05:39 - 00000010 _____ C:\Users\Florian Robert\Documents\Page.flg
2016-02-25 18:12 - 2016-01-18 17:49 - 00003108 _____ C:\Users\Florian Robert\Documents\^1680.ANO
2016-02-25 18:12 - 2016-01-18 17:49 - 00001783 _____ C:\Users\Florian Robert\Documents\^45540.ANO
2016-02-25 18:12 - 2016-01-18 17:49 - 00000900 _____ C:\Users\Florian Robert\Documents\^68101.ANO
2016-02-25 18:12 - 2016-01-18 13:19 - 00000577 _____ C:\Users\Florian Robert\Documents\^23626.ANO
2016-02-25 18:12 - 2016-01-18 13:19 - 00000515 _____ C:\Users\Florian Robert\Documents\^118352.ANO
2016-02-25 18:12 - 2016-01-16 16:02 - 00001239 _____ C:\Users\Florian Robert\Documents\^207994.ANO
2016-02-25 18:12 - 2016-01-15 06:43 - 00000886 _____ C:\Users\Florian Robert\Documents\^115253.ANO
2016-02-25 18:12 - 2016-01-15 05:45 - 00000437 _____ C:\Users\Florian Robert\Documents\^64834.ANO
2016-02-25 18:12 - 2016-01-01 07:28 - 00000888 _____ C:\Users\Florian Robert\Documents\^5994.ANO
2016-02-25 18:12 - 2016-01-01 06:56 - 00000446 _____ C:\Users\Florian Robert\Documents\^2596.ANO
2016-02-25 18:12 - 2016-01-01 06:06 - 00000881 _____ C:\Users\Florian Robert\Documents\^42559.ANO
2016-02-25 18:12 - 2015-12-31 04:04 - 00002678 _____ C:\Users\Florian Robert\Documents\^229273.ANO
2016-02-25 18:12 - 2015-12-30 04:09 - 00000888 _____ C:\Users\Florian Robert\Documents\^243603.ANO
2016-02-25 18:12 - 2015-12-22 03:58 - 00001335 _____ C:\Users\Florian Robert\Documents\^16369.ANO
2016-02-25 18:12 - 2015-12-18 04:38 - 00000448 _____ C:\Users\Florian Robert\Documents\^13099.ANO
2016-02-25 18:12 - 2015-12-17 15:21 - 00002249 _____ C:\Users\Florian Robert\Documents\^82859.ANO
2016-02-25 18:12 - 2015-12-17 15:21 - 00001755 _____ C:\Users\Florian Robert\Documents\^22276.ANO
2016-02-25 18:12 - 2015-11-20 12:44 - 00000447 _____ C:\Users\Florian Robert\Documents\^243526.ANO
2016-02-25 18:12 - 2015-11-18 12:54 - 00000903 _____ C:\Users\Florian Robert\Documents\^87352.ANO
2016-02-25 18:12 - 2015-10-29 06:05 - 00000442 _____ C:\Users\Florian Robert\Documents\^49924.ANO
2016-02-25 18:12 - 2013-12-27 13:24 - 00000765 _____ C:\Users\Florian Robert\Documents\^114192.ANO
2016-02-25 18:12 - 2013-12-25 16:41 - 00001130 _____ C:\Users\Florian Robert\Documents\Replay^118293.ANO
2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00007^229273.ANO
2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00006^229273.ANO
2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00005^229273.ANO
2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00004^229273.ANO
2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00003^229273.ANO
2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00002^229273.ANO
2016-02-25 18:12 - 2013-10-14 13:06 - 00012874 _____ C:\Users\Florian Robert\Documents\Cus00001^229273.ANO
2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00007^223581.ANO
2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00006^223581.ANO
2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00005^223581.ANO
2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00004^223581.ANO
2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00003^223581.ANO
2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00002^223581.ANO
2016-02-25 18:12 - 2013-09-30 13:43 - 00007976 _____ C:\Users\Florian Robert\Documents\Cus00001^223581.ANO
2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00007^240656.ANO
2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00006^240656.ANO
2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00005^240656.ANO
2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00004^240656.ANO
2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00003^240656.ANO
2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00002^240656.ANO
2016-02-25 18:12 - 2013-09-29 19:45 - 00001099 _____ C:\Users\Florian Robert\Documents\Cus00001^240656.ANO
2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00007^243603.ANO
2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00006^243603.ANO
2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00005^243603.ANO
2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00004^243603.ANO
2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00003^243603.ANO
2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00002^243603.ANO
2016-02-25 18:12 - 2013-09-29 19:41 - 00000558 _____ C:\Users\Florian Robert\Documents\Cus00001^243603.ANO
2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00007^113909.ANO
2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00006^113909.ANO
2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00005^113909.ANO
2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00004^113909.ANO
2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00003^113909.ANO
2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00002^113909.ANO
2016-02-25 18:12 - 2013-09-29 19:38 - 00004409 _____ C:\Users\Florian Robert\Documents\Cus00001^113909.ANO
2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00007^114202.ANO
2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00006^114202.ANO
2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00005^114202.ANO
2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00004^114202.ANO
2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00003^114202.ANO
2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00002^114202.ANO
2016-02-25 18:12 - 2013-09-29 19:25 - 00005597 _____ C:\Users\Florian Robert\Documents\Cus00001^114202.ANO
2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00007^3371.ANO
2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00006^3371.ANO
2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00005^3371.ANO
2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00004^3371.ANO
2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00003^3371.ANO
2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00002^3371.ANO
2016-02-25 18:12 - 2013-09-29 18:40 - 00001680 _____ C:\Users\Florian Robert\Documents\Cus00001^3371.ANO
2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00007^25949.ANO
2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00006^25949.ANO
2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00005^25949.ANO
2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00004^25949.ANO
2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00003^25949.ANO
2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00002^25949.ANO
2016-02-25 18:12 - 2013-09-29 17:59 - 00006390 _____ C:\Users\Florian Robert\Documents\Cus00001^25949.ANO
2016-02-25 18:08 - 2016-02-25 18:08 - 82677976 _____ C:\Users\Florian Robert\Desktop\tninstall.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========
 
Sorry, here is part 3 of FRST.txt:

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-26 07:06 - 2016-02-23 12:42 - 00000632 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
2016-03-26 06:51 - 2016-02-23 12:42 - 00000728 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
2016-03-26 06:46 - 2016-02-10 20:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-26 06:44 - 2015-06-26 05:39 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-26 06:25 - 2014-09-10 08:16 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\CrashDumps
2016-03-26 05:29 - 2014-09-15 10:32 - 00000000 ____D C:\Users\Florian Robert\Documents\Registry changes log
2016-03-26 05:26 - 2014-08-29 13:01 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-499248853-3292403601-2203723613-1001
2016-03-26 05:26 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-03-26 05:21 - 2015-05-18 04:03 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-26 04:45 - 2014-04-24 21:06 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-03-26 04:03 - 2014-05-30 00:22 - 00784836 _____ C:\Windows\system32\perfh007.dat
2016-03-26 04:03 - 2014-05-30 00:22 - 00165004 _____ C:\Windows\system32\perfc007.dat
2016-03-26 04:03 - 2014-03-18 06:03 - 01814802 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-26 04:02 - 2014-08-29 12:55 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform
2016-03-26 03:59 - 2015-06-26 05:39 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-26 03:59 - 2014-09-12 10:36 - 00000000 ____D C:\Users\Florian Robert\OneDrive
2016-03-26 03:55 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-25 16:22 - 2014-09-10 11:17 - 00000344 _____ C:\Windows\lgfwup.ini
2016-03-25 16:22 - 2014-09-10 11:17 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2016-03-25 14:55 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-25 03:56 - 2015-12-06 04:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-24 04:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-03-24 04:50 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-24 01:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-23 14:16 - 2016-02-23 12:42 - 00003744 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001
2016-03-23 14:16 - 2016-02-23 12:42 - 00003648 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001
2016-03-23 13:03 - 2014-08-29 12:55 - 00000000 ____D C:\Users\Florian Robert
2016-03-23 03:47 - 2014-11-20 09:13 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 03:47 - 2014-11-20 09:12 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-22 13:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-22 05:29 - 2014-09-06 04:27 - 00000000 ____D C:\Users\Florian Robert\Documents\Outlook-Dateien
2016-03-21 07:25 - 2014-08-29 12:56 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\Packages
2016-03-21 04:58 - 2014-11-18 12:53 - 00000891 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-21 04:56 - 2016-02-12 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-21 04:53 - 2016-02-10 20:35 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-17 17:57 - 2014-09-12 11:02 - 00000000 ____D C:\Users\Florian Robert\AppData\Roaming\Skype
2016-03-16 10:22 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-16 10:17 - 2014-08-30 05:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-15 12:42 - 2014-08-31 04:54 - 00000054 _____ C:\Windows\NavWin.INI
2016-03-12 11:14 - 2014-08-29 12:58 - 00002446 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-03-12 09:19 - 2014-11-20 09:14 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-12 09:19 - 2014-11-20 09:14 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-12 08:39 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-12 04:59 - 2015-10-31 03:38 - 00003336 _____ C:\Windows\System32\Tasks\SweetLabs App Platform
2016-03-10 05:08 - 2013-08-22 10:44 - 00381504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 05:05 - 2015-04-15 05:40 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 04:43 - 2014-09-05 02:25 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-10 04:43 - 2014-09-05 02:25 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 00:22 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-03-08 17:23 - 2015-11-29 05:50 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-08 17:23 - 2015-09-14 13:23 - 00000778 _____ C:\Users\Public\Desktop\System Advisor Model (x64).lnk
2016-03-08 17:23 - 2015-07-20 03:02 - 00002643 _____ C:\Users\Public\Desktop\Stealth Trader v2.5.3.lnk
2016-03-08 17:23 - 2015-06-26 05:41 - 00002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-03-08 17:23 - 2014-12-23 13:07 - 00000890 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-03-08 17:23 - 2014-11-20 09:15 - 00002022 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-08 17:23 - 2014-11-04 13:38 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-03-08 17:23 - 2014-10-29 13:25 - 00001862 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-03-08 17:23 - 2014-10-29 13:01 - 00001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-08 17:23 - 2014-10-29 13:01 - 00001349 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-08 17:23 - 2014-10-19 06:43 - 00002745 _____ C:\Users\Public\Desktop\MarginCalculator.exe.lnk
2016-03-08 17:23 - 2014-09-15 07:11 - 00000999 _____ C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2016-03-08 17:23 - 2014-09-02 02:14 - 00001778 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-03-08 17:23 - 2014-09-02 02:13 - 00001712 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-03-08 17:23 - 2014-08-31 04:53 - 00001735 _____ C:\Users\Public\Desktop\Trade Navigator.lnk
2016-03-08 17:23 - 2014-08-31 04:46 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-08 17:23 - 2014-08-31 04:46 - 00001117 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-08 17:23 - 2014-08-31 04:35 - 00000918 _____ C:\Users\Public\Desktop\AOL 9.0 VR.lnk
2016-03-08 17:23 - 2014-05-29 15:41 - 00001245 _____ C:\Users\Public\Desktop\Help and Support.lnk
2016-03-08 17:23 - 2014-04-24 21:14 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-08 17:23 - 2014-01-03 21:31 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2016-03-08 17:23 - 2013-12-29 06:05 - 00002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-03-08 17:22 - 2016-02-23 12:42 - 00002623 _____ C:\Users\Florian Robert\Desktop\GoToMeeting Quick Connect.lnk
2016-03-08 17:22 - 2015-01-07 07:11 - 00001647 _____ C:\Users\Florian Robert\Desktop\Canon MG3500 series Printer (LAMBARENE) - Verknüpfung.lnk
2016-03-08 17:22 - 2014-11-09 11:02 - 00001458 _____ C:\Users\Florian Robert\Desktop\gimp-2.8.exe - Verknüpfung.lnk
2016-03-08 17:22 - 2014-10-22 04:41 - 00002321 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert.lnk
2016-03-08 17:22 - 2014-10-22 04:41 - 00002271 _____ C:\Users\Florian Robert\Desktop\Convert.lnk
2016-03-08 17:22 - 2014-10-15 11:17 - 00003099 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2016-03-08 17:22 - 2014-09-15 07:11 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
2016-03-08 17:22 - 2014-09-15 03:25 - 00001176 _____ C:\Users\Florian Robert\Desktop\Genie Media Servers (Lambarene[Windows]) - Verknüpfung.lnk
2016-03-08 17:22 - 2014-08-29 12:58 - 00002450 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2016-03-08 17:22 - 2014-08-29 12:56 - 00001276 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2016-03-08 17:22 - 2014-08-29 12:55 - 00000469 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-08 17:22 - 2014-08-29 12:55 - 00000467 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-08 17:20 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
2016-03-08 03:00 - 2015-10-15 03:25 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:00 - 2015-10-15 03:25 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 10:37 - 2014-12-29 04:35 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\PDFCreator
2016-03-04 03:58 - 2014-10-29 13:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-01 04:30 - 2014-11-20 09:14 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-20 09:30 - 2014-06-20 09:30 - 0005293 _____ () C:\Users\Florian Robert\AppData\Roaming\Margin.ini
2014-11-18 12:23 - 2014-12-10 13:45 - 0007168 _____ () C:\Users\Florian Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-09 05:57 - 2015-02-09 05:57 - 0001610 _____ () C:\Users\Florian Robert\AppData\Local\recently-used.xbel
2015-08-14 03:04 - 2015-08-14 03:04 - 0007605 _____ () C:\Users\Florian Robert\AppData\Local\Resmon.ResmonCfg
2014-05-29 15:11 - 2014-05-29 15:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-25 11:05

==================== Ende von FRST.txt ============================
 
Here is the Addition.txt file, part 1:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Florian Robert (2016-03-26 07:26:59)
Gestartet von C:\Users\Florian Robert\Desktop
Windows 8.1 (X64) (2014-08-29 16:55:45)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-499248853-3292403601-2203723613-500 - Administrator - Disabled)
Florian Robert (S-1-5-21-499248853-3292403601-2203723613-1001 - Administrator - Enabled) => C:\Users\Florian Robert
Gast (S-1-5-21-499248853-3292403601-2203723613-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-499248853-3292403601-2203723613-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.02.2002 - Acer Incorporated)
abFiles Shell Extension (HKLM-x32\...\{0E1996B9-B733-4096-8FD7-239850ED0B2A}) (Version: 2.00.3001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8103 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3010 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.103.2020.206 - Alps Electric)
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
GenesisDependencyInstaller (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\1d1c516df34faca9) (Version: 3.2.1.40 - Microsoft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Host App Service (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\SweetLabs_AP) (Version: 0.269.7.911 - Pokki)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{2ff1a4b2-d080-4abd-a571-d0cef9664790}) (Version: 1.7.0.1011 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Joulemeter (HKLM-x32\...\{E043568C-1745-4C69-9D52-43F6E79EB03B}) (Version: 1.2.0 - Microsoft Research)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
MainConceptDemoCodecs (HKLM-x32\...\{587CC611-95FA-442B-852D-A9B0DEC5C09B}) (Version: 1.01.0000 - Kummert GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarginCalculator (HKLM-x32\...\{07292B57-7EEB-4C68-8353-F2C03F6743E0}) (Version: 2.00.14000 - Eurex)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
Pokki Start Menu (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.911 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
SAM 2015.6.30 (HKLM\...\{4A0EDADE-6CE6-4CB4-907E-1401911B4D6D}_is1) (Version: - National Renewable Energy Laboratory)
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stealth Trader (HKLM-x32\...\{CE6E1500-5269-43C4-A27F-7EF642F806B1}) (Version: 2.5.3 - Epcylon Technologies, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version: - )
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinnaLotto (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
YouCam (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {043C04C0-912E-448F-9516-625F063EBDE9} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
Task: {1983AFC4-A91E-4338-A4E4-40606A7D34C1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {1E0C86D9-7717-418B-85BE-2151801B1F08} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {2B542F11-20B4-4B91-B8BA-F18531BDBF75} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-01-18] (Acer Incorporate)
Task: {2C264D81-BE2A-43BB-96C7-5508AA420BDB} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {2F02F91C-6817-4DA6-AA8A-AC9905A57956} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {33C4A5C4-D772-46D4-B928-13EC11E6101A} - System32\Tasks\Florian Robert => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {351066C4-9910-4753-9921-D875855DB128} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {376E85C0-980F-4705-ABCF-32E2A31DE151} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
Task: {38A47185-4F3D-41B3-839F-9D70B8F405F4} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
Task: {512A3B5F-7206-42CD-BCEC-D57628D69156} - System32\Tasks\SafeZone scheduled Autoupdate 1458719394 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
Task: {52ECB692-4B94-458B-8241-D436CFB282D1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {53306C79-0E98-4DD7-BFBB-AB4BCDE6BDC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-21] (Adobe Systems Incorporated)
Task: {612E08FE-7398-4B89-BEEB-C22736E637DF} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {647F822C-5494-497D-9126-3EAF611C1AED} - System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6D6C0714-71EC-43F7-BB8A-6BDE5EE97DF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {70E30D3F-7F5A-4465-B3D4-FE57FF72C816} - System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {72CBF039-634D-4EB3-9FF0-D4242D961C7E} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {7BCCFA01-BBFC-4E6B-A57D-0DB0D0E6E2EC} - System32\Tasks\Florian Robert Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {7DD729FA-E5F2-41F1-952E-4EDF5A7BEB26} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {81369795-B8A7-4282-AF85-36607ED59EAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {83004E22-6DBD-4EF6-A67C-2081A6DBE7A2} - System32\Tasks\SweetLabs App Platform => C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-03-10] (Pokki)
Task: {833A8C49-7BA2-47F4-94FB-4EDCDAD6D4C7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {84A2C329-5D8A-4F1B-A486-37102291120B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
Task: {8516AB4D-CDB3-4941-B482-E741EFE1E2F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {8911D987-EA05-4426-9260-40C3ABF4013E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {8D6A02C4-DF12-4C14-84A5-85855FD8FF32} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {91835FDF-0EAA-44AB-A585-48BC7C6DAA76} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
Task: {9D4AE1C4-0189-4D31-A5B4-B900283B877C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {A4587FAC-2F27-40DD-B379-0025AEA88938} - System32\Tasks\Florian Robert DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {D7AFA013-901F-4AB8-9104-3ED5E1A2859D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {E053A28F-2488-46AE-AF68-51CCA551B9B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {E3B3D0C5-6CC1-4960-874E-33A0A8BAC849} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-04] (Microsoft Corporation)
Task: {F071FE89-9903-4294-96D1-28B3F4B97842} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {F512499D-FBA8-4EF0-9B40-1B17B017C409} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-09] (AVAST Software)
Task: {FC50D263-9778-4E50-AD07-8E43C0153FEF} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-05-29 14:53 - 2014-03-24 08:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-06 04:01 - 2012-06-21 01:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2013-09-04 14:13 - 2013-09-04 14:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-08-30 05:26 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-07 05:44 - 2015-07-07 05:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-12-03 07:43 - 2015-12-03 07:43 - 00369824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-05-29 15:29 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-29 15:35 - 2014-01-03 08:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-07-08 12:53 - 2013-07-08 12:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-11-23 13:44 - 2015-11-23 13:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2016-02-09 09:18 - 2016-02-09 09:18 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-09 09:18 - 2016-02-09 09:18 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-25 16:19 - 2016-03-25 16:19 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032501\algo.dll
2016-02-09 09:18 - 2016-02-09 09:18 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-10-29 13:00 - 2014-05-13 07:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-29 13:00 - 2014-05-13 07:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-29 13:00 - 2014-05-13 07:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-29 13:00 - 2012-08-23 05:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-29 13:00 - 2012-04-03 12:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-05-29 14:55 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-03 10:21 - 2015-12-03 10:21 - 00202456 _____ () C:\Program Files (x86)\Acer\abMedia\curllib.dll
2015-12-03 10:23 - 2015-12-03 10:23 - 00654000 _____ () C:\Program Files (x86)\Acer\abMedia\sqlite3.dll
2015-12-03 10:23 - 2015-12-03 10:23 - 00641240 _____ () C:\Program Files (x86)\Acer\abMedia\tag.dll
2015-12-03 10:23 - 2015-12-03 10:23 - 00119000 _____ () C:\Program Files (x86)\Acer\abMedia\OpenLDAP.dll
2016-02-05 15:06 - 2016-02-05 15:06 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-01-14 18:12 - 2016-01-14 18:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-01-14 18:11 - 2016-01-14 18:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-01-19 16:06 - 2016-01-19 16:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-01-19 16:06 - 2016-01-19 16:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2014-11-15 06:55 - 2016-02-22 22:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2011-03-09 08:21 - 2011-03-09 08:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 08:21 - 2011-03-09 08:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-12-06 04:21 - 2015-12-06 04:21 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-08 21:33 - 2016-03-08 21:33 - 00569856 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2016-03-08 21:33 - 2016-03-08 21:33 - 01400846 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2016-03-08 21:33 - 2016-03-08 21:33 - 00151054 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2016-03-08 21:33 - 2016-03-08 21:33 - 00222734 _____ () C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2014-02-13 18:26 - 2014-02-13 18:26 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2014-02-13 18:26 - 2014-02-13 18:26 - 21117952 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
2014-02-13 18:26 - 2014-02-13 18:26 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll
2014-02-13 18:26 - 2014-02-13 18:26 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

Da befinden sich 7872 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 09:25 - 2016-03-07 05:12 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts

Da befinden sich 15471 zusätzliche Einträge.


And here is Part 2 of Addition.txt:

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "FreePDF Assistant"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BE63103F-01FE-4676-8B94-97D7DC811EC5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{528BC9F1-A002-4ECF-9F06-1A777F61C024}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{1B781FC7-4111-4EC1-9A81-7C5202337095}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AEC31969-333F-40C6-A19B-573BC8622596}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ADEE17FA-9B20-4698-A30F-DF632BAFB8E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E84B5257-4EA8-4495-ACEE-02B49E7A1E21}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{BA38BBD5-5942-4246-A968-37972E3F5654}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{D57CC8DF-6A80-4F40-B14A-C4EF81BC03C4}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{63FA8E33-7307-4637-96BC-42B4570236AF}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{E283BB9B-4C7F-4707-B7A7-DA251AEB87D7}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{E20EF89D-36B3-4D32-A69B-FE8471EB0BF2}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{518B10CC-5BCE-47F9-8B4A-0FDFF7083F3D}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
FirewallRules: [{84645464-4B73-4F87-9287-60D56F609122}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
FirewallRules: [{1A945F5A-9CF6-4649-B28C-B7521349F578}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A2034403-65A3-4FAC-A780-B83C4837CB90}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{AE7EA85D-1AAD-4E96-8E30-786DEFC31BC0}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{27A73335-38CB-473B-8719-3F89C3588F3C}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{3E062DC1-DBDA-4906-A7AC-EE6B9EAFC95F}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{6D5DB314-940C-4545-A2BC-BBC5CEFA27FC}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{2D2B4A18-FC98-49E3-BADA-F89C6BA5817E}] => (Allow) LPort=8888
FirewallRules: [{7E5C0E00-F608-4F40-BFE0-58FBA197FE4B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{158D565F-2419-4588-A26F-905FEC645665}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CFD355E3-DD15-42FE-861A-E0CBE1511910}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B8CD7291-1844-4BF7-BAC1-0C3C31F20E73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6B6D5368-7C75-4DC5-8E5C-4019E1D2812D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DC807A60-CACA-4A62-B954-3839B9656727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DD59612C-C005-4513-917C-FB78A8A7CA2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DFA8515A-B676-480B-AC7B-5A55E745A4BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A0FB273A-11A8-4A30-8031-F80B0533EF6F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{13CD43FF-4354-414D-9E61-9256B9D034D6}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5DBA44E4-BC86-41DF-8656-D5F69171780E}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{23E3590C-EDF8-435A-904C-00B66EBEC9C1}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{51512AF6-109A-47E4-9291-3DFFD9F28E2A}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{ABC1AD0D-94D6-4C5B-8B21-8880546513CF}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{439882BE-72FB-49BE-8DCF-76FFEB4DBF54}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{A61CAB5D-CEA7-4199-9163-33190848D109}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{8D682E05-E80B-4411-A4C0-60CF78AA5D5B}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{6710D04F-8592-44DF-AFF6-6177A73D7BD9}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{D7ECA97D-7AC5-4D49-AA9C-F53AB9A7AC07}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{08B72412-0F80-4ED1-B85C-851E4B153342}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{1F4D17B4-4E5D-45A4-B073-E9A1704A8D8D}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{7827D62E-89F8-494E-9B58-37B3A3169CBA}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{CE064D7C-0584-407A-93DB-BE0062827D51}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{BDF7047E-0755-4460-93AA-8E018DC7C774}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{1B90EE3C-2C85-44CE-9A9E-E594814EC60F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{4BD0D59F-776D-4236-BD8C-B2897A74A348}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{406D9472-5134-4699-A54F-6B2D264CCC91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{84FDCAAE-AF87-474E-B31F-6A4C41FB170F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A186846E-3CC9-4BED-B766-FE5DB5012C64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A5A7918D-CCA9-456A-A26F-DC07569C72FB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C953820C-8A83-4BF2-BF9B-9CD18405DB56}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F739AE1-CB87-4BED-BC60-F40E173A7F92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EB636362-36CF-4239-BE33-6D60C5B21451}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EA0876E7-7883-435C-9D40-5CE5BE1976DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F4218BE4-F7FD-417A-9319-DF3430D0E989}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{596B9E55-4EC4-4A29-ACB4-5B864FC98E81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5C98BB30-90E6-479A-ABB3-D5F02B8C6E72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4441C552-9E32-4825-BBA5-1B748024AEEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{48DAB9D6-EF45-40D9-9656-1E780A1BCBA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{57D0ADA1-1D63-445F-ACBD-0371C1A9678E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{974439C0-8264-4F7B-895C-B0DE38038E32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E92BFC83-C73F-471C-B655-F099F0462C44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{25EE1910-5A61-4F84-AED2-A85043F6E66C}] => (Allow) LPort=8888
FirewallRules: [{67A2A0FC-70AF-4C6D-B8F0-1A4AAADB8597}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B4FB5395-208C-403E-A8CF-9F2762F56CFD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2A4FA544-A387-4176-B193-FD060E9C1BE0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{50D1D61A-778A-4E95-91F7-E8C5E0C2A609}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EBB9CAED-0AF6-4C08-924C-F9BCE2D018C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DFA1C554-1F5B-4CAB-BE6B-0E9EE3EB72AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0792797F-73BB-473F-BAB9-0542A25CCFDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D8D8BCF3-5560-4F80-8550-5D82C194F925}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{14593135-DE9B-420F-B3D1-94BA9B809274}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0C1AD51E-92B8-42E7-8D89-9F02D83909BB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{119F7757-D5DB-442B-B993-7C83585F19E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B9493091-11E9-4366-8515-A74C38418D2C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C84C1DF6-BAAE-43AB-9118-2F86C848C3EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A97A83AA-91D6-4A0E-9E18-18BBE783D9AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D21911CC-25EC-4D93-B6E4-9E891E24FDF3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AA4AA449-5FB8-43A7-91F8-76C76F2B7DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{86154076-E317-4026-9051-EAFBC8DE63AB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A1621378-B077-4F25-A98E-F66E2A0CE46D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{41C79DCC-0ACA-4C75-97A5-E891251C65E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{45D86E81-2142-4956-B5FB-92E62060473A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B97B6753-C820-4FC3-B638-05C4A6ACB72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7E618D33-0C92-4AFA-B165-31B81C95278D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DB079ABF-600C-49EF-B69B-6A464D92A006}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8BC5D5A8-95F2-4741-81D7-C844EF1E878A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1DA4E5A4-59DD-4F2A-B130-8D78E5BCC94B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{98D39DD7-F072-4189-9B1C-9437865A5DE8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D36BB8DD-DC10-4F77-B194-08F80BCA1709}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73DD00CD-0919-4AF0-B205-6D099A9FFCBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{946CDC96-66DA-455A-A1E8-5AA170CA93D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{69FF58EC-3CE4-4A68-9C60-5835C800D8FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5EBDDDB7-690F-483D-B869-13B7D02A91F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6013E745-1042-499D-9D99-B3D33B877D3C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CFCEBB1F-48AA-440A-A67A-18DF91B569E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8ABC8A64-70DA-4B4B-BB84-C2DA6E27EB3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C728CDAA-8B85-4507-909E-472583D73A21}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D5F9ED46-03B8-495B-A3F5-46DEF918004D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DD6985B1-9CC6-49BB-A13A-04A733229AA1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{020A4680-3E89-446D-B700-0105D6F30E5B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{84FEDEFD-E9D2-4E47-81DE-B233169D0D85}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BF7088D1-5125-4D2D-B7A9-FB1B491B9AFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F96413CC-E9C9-4995-AD4D-076D5F71A5E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{88EB3689-CB2A-4F69-AF64-BDC22C035019}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1452F46A-990F-4866-813A-3BE3CEFD6556}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{47368D5A-753D-4930-B7E5-3C1579DC3D7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1C4F7991-659F-45E5-850B-D35A27D664A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DA87CF50-5225-40C8-8D73-F41D2053BEE2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1A0CE8E7-6E14-4813-A948-B3C595A59241}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4BAC57A9-0013-4526-BF17-53D2F42726F0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B77D79B6-DB55-4513-B5CF-2A532B760D32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E5230FC5-F456-4228-B6D9-814B5E19B3A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{655279DD-0935-4649-8FD2-8B7A4743490C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A09F8F39-C76E-4360-8AE2-7BDE4B318E86}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C325ED5F-CF76-453E-9B1B-7C396EDFFA0A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8A6C666E-715E-4107-9715-30900496197E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74349A4D-B31B-4AA8-BBB5-63475FC25E92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C6F77A8-04A7-410B-BD3F-BEE3A1424C55}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C5711A9-0EFD-4178-9307-2D7C3DA9450A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{00CD2CA3-24C0-41FA-8551-0573D82880BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8236F01C-98F5-4CB3-A832-F7FF77D1942A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{51C75DAB-9576-4982-B15A-8B887F7B345A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A0B098E2-7A24-4325-994C-33B12EB22232}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{34B73CEA-8E5B-482E-8DFF-5DCA2A8B7EBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AE915E69-A811-44CD-92AE-CFE2F151ED91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{C6A8CDB9-B617-40C1-94BA-54CD7525ADD1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EECF6088-A320-48E9-A39A-F5051E90BFA6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

08-03-2016 11:18:04 Intel(R) Technology Access
11-03-2016 13:48:14 Windows Update
24-03-2016 04:40:26 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/26/2016 07:05:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
Name des fehlerhaften Moduls: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00068798
ID des fehlerhaften Prozesses: 0x1848
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3
Vollständiger Name des fehlerhaften Pakets: EXCEL.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EXCEL.EXE5

Error: (03/26/2016 06:25:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 45.0.1.5918, Zeitstempel: 0x56e8b7df
Name des fehlerhaften Moduls: mozglue.dll, Version: 45.0.1.5918, Zeitstempel: 0x56e8a981
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000f0ea
ID des fehlerhaften Prozesses: 0x2510
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (03/26/2016 06:25:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 45.0.1.5918 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ac4

Startzeit: 01d187421ddcfd0b

Endzeit: 366

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: fde30c5d-f33c-11e5-86bc-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/24/2016 05:40:10 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-499248853-3292403601-2203723613-1001}/">.

Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)

Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Details:
Die Daten sind unzulässig. 0x8007000d (0x8007000d)

Error: (03/23/2016 06:27:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Seagate.Dashboard.DASWindowsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Management.ManagementException
Stapel:
bei System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
bei System.Management.SinkForEventQuery.Cancel()
bei System.Management.ManagementEventWatcher.Stop()
bei System.Management.ManagementEventWatcher.Finalize()

Error: (03/23/2016 03:04:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CLVIEW.EXE, Version 15.0.4801.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a00

Startzeit: 01d18536b95b0d9b

Endzeit: 18

Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\CLVIEW.EXE

Berichts-ID: fcfd7070-f129-11e5-86b2-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/23/2016 04:12:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 120

Startzeit: 01d184d79c1793e8

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 34120cd4-f0ce-11e5-86b1-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/23/2016 04:06:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm EXCEL.EXE, Version 15.0.4805.1001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 85c

Startzeit: 01d184d8586be741

Endzeit: 131

Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE

Berichts-ID: 290075e0-f0ce-11e5-86b1-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (03/26/2016 04:01:53 AM) (Source: DCOM) (EventID: 10010) (User: FLORIAN)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (03/26/2016 03:59:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/26/2016 03:59:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (03/25/2016 04:20:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/25/2016 04:20:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (03/25/2016 04:19:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/25/2016 04:19:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (03/25/2016 10:43:44 AM) (Source: DCOM) (EventID: 10010) (User: FLORIAN)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (03/25/2016 10:41:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (03/25/2016 10:41:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.


CodeIntegrity:
===================================
Date: 2014-11-20 08:00:20.317
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-20 07:46:58.286
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 23%
Installierter physikalischer RAM: 8072.27 MB
Verfügbarer physikalischer RAM: 6178.69 MB
Summe virtueller Speicher: 9352.27 MB
Verfügbarer virtueller Speicher: 6780.64 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:898.59 GB) (Free:693.91 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1CCF8D51)

Partition: GPT.

==================== Ende von Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Good morning and Happy Easter! I am very happy that you replied! Sorry for the late reply, but I am 8 or nine hours ahead of you so I was asleep when you replied.
I have just finished RogueKiller and it generated this report:

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 8.1 (6.3.9600) 64 bits version
gestarted in : normaler Modus
User : Florian Robert [Administrator]
Started from : C:\Users\Florian Robert\Desktop\RogueKiller.exe
Modus : Scannen -- Datum : 03/27/2016 03:21:06

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MetaStream -> Gefunden
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Viewpoint -> Gefunden
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> Gefunden
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Gefunden
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Gefunden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Gefunden
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Gefunden

¤¤¤ Aufgaben : 2 ¤¤¤
[Suspicious.Path|VT.Unknown] \Florian Robert -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert.nji") -> Gefunden
[Suspicious.Path|VT.Unknown] \Florian Robert Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert Merge.nji") -> Gefunden

¤¤¤ Dateien : 1 ¤¤¤
[PUP][Ordner] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85} -> Gefunden

¤¤¤ Host Dateien : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-1EJ164 +++++
--- User ---
[MBR] cf1626c9ab7604c27e15cc87ea822b09
[BSP] f7f54c70c21550c458c39f101feb9b57 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2107392 | Size: 920160 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1886595072 | Size: 17408 MB
5 - [SYSTEM][HIDDEN!][READONLY][MAN-MOUNT] Basic data partition | Offset (sectors): 1922246656 | Size: 15272 MB
User = LL1 ... OK
User = LL2 ... OK

I will now continue with Malwarebytes.

Best,
Florian
 
Sorry, I just saw that there is a second report from RogueKiller that shows what has been deleted (or not?):
gelöscht means "deleted"
RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 8.1 (6.3.9600) 64 bits version
gestarted in : normaler Modus
User : Florian Robert [Administrator]
Started from : C:\Users\Florian Robert\Desktop\RogueKiller.exe
Modus : Löschen -- Datum : 03/27/2016 03:23:12

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MetaStream -> gelöscht
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Viewpoint -> gelöscht
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} -> gelöscht
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> gelöscht
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> ersetzt (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> ersetzt (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

¤¤¤ Aufgaben : 2 ¤¤¤
[Suspicious.Path|VT.Unknown] \Florian Robert -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert.nji") -> gelöscht
[Suspicious.Path|VT.Unknown] \Florian Robert Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\Florian Robert\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Florian Robert Merge.nji") -> gelöscht

¤¤¤ Dateien : 1 ¤¤¤
[PUP][Ordner] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85} -> gelöscht
[PUP][Datei] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85}\1941 frozen front pc.dat -> gelöscht
[PUP][Datei] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85}\3d4fa3e94dffaed0 -> gelöscht
[PUP][Datei] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85}\f0b205bc6a2b4904 -> gelöscht

¤¤¤ Host Dateien : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-1EJ164 +++++
--- User ---
[MBR] cf1626c9ab7604c27e15cc87ea822b09
[BSP] f7f54c70c21550c458c39f101feb9b57 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2107392 | Size: 920160 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1886595072 | Size: 17408 MB
5 - [SYSTEM][HIDDEN!][READONLY][MAN-MOUNT] Basic data partition | Offset (sectors): 1922246656 | Size: 15272 MB
User = LL1 ... OK
User = LL2 ... OK
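
Whether the delete-mode report really shows everything from the scan as removed can be checked mechanically by reconciling the two RogueKiller reports. The following Python is an added example, not part of the thread and not RogueKiller's own code; the report excerpts are copied from the two posts above, while the function names and the status classification (gelöscht/ersetzt counted as remediated, anything else as failed) are assumptions of this example.

```python
import re

# Excerpt of the scan-mode report posted above (Modus : Scannen).
SCAN_REPORT = r"""
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MetaStream -> Gefunden
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Gefunden
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Gefunden
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Gefunden
[PUP][Ordner] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85} -> Gefunden
[MBR] cf1626c9ab7604c27e15cc87ea822b09
"""

# Excerpt of the delete-mode report posted above (Modus : Löschen).
DELETE_REPORT = r"""
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MetaStream -> gelöscht
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> gelöscht
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> ersetzt (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUP][Ordner] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85} -> gelöscht
[PUP][Datei] C:\ProgramData\{8cc01b21-44d8-e99c-8cc0-01b2144d6c85}\1941 frozen front pc.dat -> gelöscht
[MBR] cf1626c9ab7604c27e15cc87ea822b09
"""

# A finding line is: one or more [tags], the target, " -> ", the status.
# Lines without " -> " (for example the [MBR] hash line) are not findings.
FINDING = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+->\s+(.+)$")


def parse_findings(report):
    """Return {(tags, target): status} for every finding line in a report."""
    findings = {}
    for line in report.splitlines():
        match = FINDING.match(line.strip())
        if match:
            tags, target, status = match.groups()
            findings[(tags, target)] = status
    return findings


def classify(status):
    """Map the German status text to an outcome (mapping is this example's assumption)."""
    lowered = status.lower()
    if lowered.startswith(("gelöscht", "ersetzt")):  # deleted / replaced
        return "remediated"
    if lowered.startswith("gefunden"):               # found, no action taken
        return "found"
    return "failed"                                  # ERROR [...] or anything unexpected


def reconcile(scan_report, delete_report):
    """Compare what the scan found with what the delete run says it did."""
    scanned = parse_findings(scan_report)
    acted = parse_findings(delete_report)
    result = {"remediated": [], "failed": [], "missing": [], "extra": []}
    for key in scanned:
        if key not in acted:
            # Found during the scan but never mentioned in the delete report.
            result["missing"].append(key)
        elif classify(acted[key]) == "remediated":
            result["remediated"].append(key)
        else:
            result["failed"].append(key)
    # Items acted on that the scan did not list (e.g. files inside a found folder).
    result["extra"] = [key for key in acted if key not in scanned]
    return result


if __name__ == "__main__":
    outcome = reconcile(SCAN_REPORT, DELETE_REPORT)
    for bucket, items in outcome.items():
        print(f"{bucket}: {len(items)}")
        for tags, target in items:
            print(f"  {tags} {target}")
```

On these excerpts the only entry that is not confirmed as removed is the `ControlSet001` `ManualProxies` value, which is the item to look for again in the next scan.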
 
Hi, I have completed Malwarebytes. Mwb did not ask for a restart but I did it manually anyway. When it came up again, about five windows popped up. Unfortunately, I could not copy the text. All of them said something like:
"Error. The script cannot be executed. Undefined value. Would you like to continue to execute the script? Yes - No" I always pressed "No", since I assumed that an undefined value makes a script unexecutable anyway.
The undefined values referred to the ACER hive on C:/
Then there was one extra window popping up saying that "an application is delaying the opening of the browser. Would you like to continue to execute the application? Yes - No" I pressed No. Strange, since I had not started any browser.

It might be of interest, that when Malwarebytes found something some days ago, it seemed to be related to the Internet Explorer browser. So after Mwb had deleted what it had quarantined, I disconnected the IE browser so that it would not be able to connect to the Internet. I am using Mozilla Firefox anyway, never liked IE.

Here are the two reports from Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.03.2016
Scan Time: 03:42
Logfile: Malewarebytes log 27 March 2016.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.27.01
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Florian Robert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366297
Time Elapsed: 1 hr, 9 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Here is the second one:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 27.03.2016 03:36, SYSTEM, FLORIAN, Manual, Remediation Database, 2016.3.18.1, 2016.3.24.1,
Update, 27.03.2016 03:36, SYSTEM, FLORIAN, Manual, IP Database, 2016.3.17.1, 2016.3.21.3,
Update, 27.03.2016 03:36, SYSTEM, FLORIAN, Manual, Domain Database, 2016.3.19.1, 2016.3.27.2,
Update, 27.03.2016 03:37, SYSTEM, FLORIAN, Manual, Malware Database, 2016.3.20.2, 2016.3.27.1,
Update, 27.03.2016 03:38, SYSTEM, FLORIAN, Manual, program, 2.2.0.1024, 2.2.1.0,
Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malware Protection, Starting,
Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malware Protection, Started,
Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Starting,
Protection, 27.03.2016 03:40, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Started,
Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, Remediation Database, 2016.2.12.1, 2016.3.24.1,
Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, Rootkit Database, 2016.2.8.1, 2016.3.12.1,
Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, Domain Database, 2016.2.16.8, 2016.3.27.2,
Update, 27.03.2016 03:41, SYSTEM, FLORIAN, Manual, IP Database, 2016.2.8.1, 2016.3.21.3,
Update, 27.03.2016 03:42, SYSTEM, FLORIAN, Manual, Malware Database, 2016.2.16.6, 2016.3.27.1,
Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Refresh, Starting,
Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Stopping,
Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Stopped,
Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Refresh, Success,
Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Starting,
Protection, 27.03.2016 03:42, SYSTEM, FLORIAN, Protection, Malicious Website Protection, Started,
Scan, 27.03.2016 04:52, SYSTEM, FLORIAN, Manual, Start:27.03.2016 03:42, Duration:1 hr 9 min 5 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

I will continue now with AdwCleaner.
Thank you again for taking the time on Easter Sunday!
 
Hello, AdwCleaner is done. It restarted the system and a window popped up:
"The Server is busy/overloaded. In order to solve this issue click on "Go to application" " There was another button:"Repeat" I clicked on none and after about 10 seconds the window disappeared.
Here is the AdwCleaner report:
# AdwCleaner v5.105 - Bericht erstellt am 27/03/2016 um 05:32:58
# Aktualisiert am 21/03/2016 von Xplode
# Datenbank : 2016-03-26.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Florian Robert - FLORIAN
# Gestartet von : C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Genesis
[-] Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
[-] Ordner Gelöscht : C:\ProgramData\Viewpoint
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis
[-] Ordner Gelöscht : C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform
[-] Ordner Gelöscht : C:\Users\Florian Robert\Documents\ppt
[#] Ordner Gelöscht : C:\Windows\SysNative\Tasks\SweetLabs App Platform

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] Datei Gelöscht : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
[-] Datei Gelöscht : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] Datei Gelöscht : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****

[-] Geplante Aufgabe Gelöscht : SweetLabs App Platform

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
[-] Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Schlüssel Gelöscht : HKCU\Software\Classes\pokki
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Schlüssel Gelöscht : HKCU\Software\DAILYPCCLEAN
[-] Schlüssel Gelöscht : HKCU\Software\IM
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Tinstalls
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\powerpack
[-] Schlüssel Gelöscht : HKCU\Software\SweetLabs App Platform
[-] Schlüssel Gelöscht : HKCU\Software\WEBAPP
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Schlüssel Gelöscht : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\SweetLabs App Platform
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Wert Gelöscht : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Internetbrowser ] *****

[-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=22079&r=2015/02/22&hid=13470389669579871766&lg=EN&cc=DE&unqvl=82&l=1&q=");
[-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.selectedEngine", "WebSearch");
[-] [C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5621 Bytes] - [27/03/2016 05:32:58]
C:\AdwCleaner\AdwCleaner[R0].txt - [3207 Bytes] - [02/02/2015 06:51:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [6720 Bytes] - [27/03/2016 05:25:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5840 Bytes] ##########
I will continue now with Junkware Removal Tool.
 
I just saw that there is a second report in the AdwCleaner directory.

# AdwCleaner v5.105 - Bericht erstellt am 27/03/2016 um 05:25:43
# Aktualisiert am 21/03/2016 von Xplode
# Datenbank : 2016-03-26.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Florian Robert - FLORIAN
# Gestartet von : C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
# Option : Suchlauf
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

Ordner Gefunden : C:\Genesis
Ordner Gefunden : C:\Program Files (x86)\Viewpoint
Ordner Gefunden : C:\ProgramData\Viewpoint
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis
Ordner Gefunden : C:\Users\Florian Robert\AppData\Local\SweetLabs App Platform
Ordner Gefunden : C:\Users\Florian Robert\Documents\ppt
Ordner Gefunden : C:\Windows\SysNative\Tasks\SweetLabs App Platform

***** [ Dateien ] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Datei Gefunden : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
Datei Gefunden : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
Datei Gefunden : C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****

Geplante Aufgabe Gefunden : SweetLabs App Platform

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gefunden : HKCU\Software\Classes\lnkfile\shell\pokki
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gefunden : HKCU\Software\Classes\pokki
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Classes\pokki
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKCU\Software\DAILYPCCLEAN
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\Microsoft\Tinstalls
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\powerpack
Schlüssel Gefunden : HKCU\Software\SweetLabs App Platform
Schlüssel Gefunden : HKCU\Software\WEBAPP
Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\DAILYPCCLEAN
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\IM
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Tinstalls
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\OCS
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\powerpack
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\SweetLabs App Platform
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\WEBAPP
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Wert Gefunden : HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]

***** [ Internetbrowser ] *****

[C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");
[C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=22079&r=2015/02/22&hid=13470389669579871766&lg=EN&cc=DE&unqvl=82&l=1&q=");
[C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.order.1", "WebSearch");
[C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.order.1,S", "WebSearch");
[C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.selectedEngine", "WebSearch");
[C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\prefs.js] [Preference] Gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [3207 Bytes] - [02/02/2015 06:51:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [6564 Bytes] - [27/03/2016 05:25:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6637 Bytes] ##########
 
Good morning, I completed the JRT.exe scan and here are the results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by Florian Robert (Administrator) on 27.03.2016 at 5:55:32,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\Florian Robert\AppData\Local\pdfforge (Folder)
Successfully deleted: C:\Users\Florian Robert\AppData\Roaming\pdfforge (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.03.2016 at 5:58:28,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you for your advice. Since we are separated by 8-9 hours, I will patiently wait for your next instructions.
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Hi Broni, I am writing to you from my smartphone since the following happened:
I started my notebook and it behaved 'normal' until the desktop came up. There, it did not show all icons but some that are white / blank. I waited several minutes but nothing seemed to move.
Then I clicked on the Mozilla icon (normal) and nothing happened. I waited some minutes and repeated. Still nothing. Then I decided to restart.
But the Windows start tile in the lower left corner did not react / did not show the menu at a right click. Instead, it opened the tile style desktop but without any tiles visible.
The mouse can be moved but except for the start tile in the lower left corner there is nothing to click on. The screen shows my normal background picture.
I tried to open the task manager with Ctrl+Alt+Del, but there was no reaction.
I also can't shut down by pressing the on/off button on the outside frame of my notebook.
Any idea?
 
The battery seems to be well secured, i.e. I don't have the right screwdrivers to release the screws. Since the battery was relatively full, it will take several hours until it shuts down itself.
When I restart (with just enough energy), what should I do?
Press a certain key combination during booting?
Or 'hope' that it will boot fully?
Thanks for your help!
 
Good morning, finally, the battery died and I could fully boot this time.
Here is FRST.txt part 1
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Florian Robert (Administrator) auf FLORIAN (28-03-2016 02:37:01)
Gestartet von C:\Users\Florian Robert\Desktop
Geladene Profile: Florian Robert (Verfügbare Profile: Florian Robert)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool:

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-03-26] (NVIDIA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688984 2013-09-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1409474061\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {6f730b64-3e72-11e4-826a-083e8eee820c} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775b79-2f9b-11e4-825e-c4544477a64a} - "D:\EasySuite.exe"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\MountPoints2: {b5775bc4-2f9b-11e4-825e-c4544477a64a} - "E:\EasySuite.exe"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-03-08]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-03-08]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{04133109-4254-4054-9646-F72C15C37638}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-09] (AVAST Software)
BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499248853-3292403601-2203723613-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Florian Robert\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Florian Robert\AppData\Roaming\Mozilla\Firefox\Profiles\spvwun0r.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-12-18]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [157344 2015-12-03] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [486048 2015-12-03] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-01-18] (Acer Incorporate)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1616160 2014-03-26] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-04] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-04] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-20] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2013-09-07] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-16] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-27] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2015-04-30] (Intel Corporation)
S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2015-04-30] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-16] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-27] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
Hi, here is FRST.txt part 2:
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-27 05:58 - 2016-03-27 05:58 - 00001044 _____ C:\Users\Florian Robert\Desktop\JRT.txt
2016-03-27 04:54 - 2016-03-27 04:54 - 00002127 _____ C:\Users\Florian Robert\Desktop\Malewarebytes daily protectionlog 27 March 2016.txt
2016-03-27 04:53 - 2016-03-27 04:53 - 00001077 _____ C:\Users\Florian Robert\Desktop\Malewarebytes log 27 March 2016.txt
2016-03-27 01:54 - 2016-03-27 01:54 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-27 01:51 - 2016-03-27 03:31 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-26 13:17 - 2016-03-26 13:24 - 145834032 _____ (Sophos Limited) C:\Users\Florian Robert\Desktop\Sophos Virus Removal Tool.exe
2016-03-26 13:17 - 2016-03-26 13:17 - 00448512 _____ (OldTimer Tools) C:\Users\Florian Robert\Desktop\TFC.exe
2016-03-26 13:16 - 2016-03-26 13:16 - 00899584 _____ (Farbar) C:\Users\Florian Robert\Desktop\FSS.exe
2016-03-26 13:15 - 2016-03-26 13:15 - 00852798 _____ C:\Users\Florian Robert\Desktop\SecurityCheck.exe
2016-03-26 07:26 - 2016-03-26 07:31 - 00061095 _____ C:\Users\Florian Robert\Desktop\Addition.txt
2016-03-26 07:24 - 2016-03-28 02:38 - 00023855 _____ C:\Users\Florian Robert\Desktop\FRST.txt
2016-03-26 07:24 - 2016-03-28 02:37 - 00000000 ____D C:\FRST
2016-03-26 06:32 - 2016-03-26 06:32 - 02374144 _____ (Farbar) C:\Users\Florian Robert\Desktop\FRST64.exe
2016-03-26 06:10 - 2016-03-26 06:10 - 19655240 _____ C:\Users\Florian Robert\Desktop\RogueKiller.exe
2016-03-26 05:53 - 2016-03-26 05:53 - 01530368 _____ C:\Users\Florian Robert\Desktop\adwcleaner_5.105.exe
2016-03-26 05:45 - 2016-03-26 05:45 - 01610352 _____ (Malwarebytes) C:\Users\Florian Robert\Desktop\JRT.exe
2016-03-26 05:20 - 2016-03-26 05:20 - 06868672 _____ (Piriform Ltd) C:\Users\Florian Robert\Downloads\ccsetup516.exe
2016-03-24 04:40 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-24 04:40 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-24 04:40 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-24 04:40 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-24 04:40 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-24 04:40 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-24 04:39 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-03-24 04:39 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-03-24 04:39 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-03-24 04:39 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-03-24 04:39 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-03-24 04:39 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-03-24 04:39 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-03-24 04:39 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-03-24 04:39 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-03-24 04:39 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-03-24 04:39 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-24 04:39 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-03-24 04:39 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-03-24 04:36 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-24 04:36 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-24 04:36 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-03-24 04:36 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-03-24 04:36 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-03-24 04:36 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-24 04:36 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-03-24 04:36 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-03-24 04:36 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-24 04:36 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-03-24 04:36 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-03-24 04:36 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-03-24 04:36 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2016-03-24 04:36 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-03-24 04:36 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-03-24 04:36 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-03-24 04:36 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-24 04:36 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-03-24 04:36 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-03-24 04:36 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-24 04:36 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-03-24 04:36 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-03-24 04:36 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-03-24 04:36 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2016-03-24 04:36 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-03-24 04:36 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-24 04:36 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-03-24 04:36 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-03-24 04:36 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-03-24 04:36 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-03-24 04:36 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-24 04:36 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2016-03-24 04:36 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-03-24 04:36 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-03-24 04:36 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-03-24 04:36 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-24 04:36 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-24 04:36 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-24 04:33 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2016-03-24 04:33 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2016-03-24 04:32 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-03-24 04:32 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2016-03-24 04:31 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-24 04:31 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-24 04:31 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-24 04:31 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-24 04:31 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-24 04:31 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-03-24 04:31 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-24 04:31 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-03-24 04:31 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-03-24 04:31 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-03-24 04:31 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-24 04:31 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-03-24 04:31 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-03-24 04:31 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-03-24 04:31 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-03-24 04:31 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-03-24 04:31 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-03-23 03:50 - 2016-03-23 04:12 - 00003068 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458719394
2016-03-23 03:50 - 2016-03-23 04:12 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 03:50 - 2016-03-23 03:50 - 00001057 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 03:48 - 2016-03-23 03:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-22 05:52 - 2016-03-22 05:52 - 00000562 _____ C:\Users\Florian Robert\Downloads\Stealth Trader v2.6.0.msi
2016-03-12 07:46 - 2016-03-12 07:46 - 00001309 _____ C:\Malewarebytes log 12 March 2016.txt
2016-03-10 04:38 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-10 04:38 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-10 04:38 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-10 04:38 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-10 04:38 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-10 04:38 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-10 04:38 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-10 04:38 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-10 04:38 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-10 04:38 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-10 04:38 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-10 04:38 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-10 04:38 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-10 04:38 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-10 04:38 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-10 04:38 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-10 04:38 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-10 04:38 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-10 04:38 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-10 04:38 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-10 04:38 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-10 04:38 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-10 04:38 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-10 04:38 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-10 04:38 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-10 04:38 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-10 04:38 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-10 04:38 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-10 04:38 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-10 04:38 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-10 04:38 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-10 04:38 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-10 04:38 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-10 04:38 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-10 04:38 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-10 04:38 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-10 04:38 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-10 04:38 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-10 04:38 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-10 04:38 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-10 04:37 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-10 04:33 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-10 04:33 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-10 04:33 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-10 04:33 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-10 04:33 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-10 04:33 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-10 04:33 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-10 04:33 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-10 04:33 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-10 04:33 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-10 04:33 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-10 04:33 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-10 04:33 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-10 04:33 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-10 04:33 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-10 04:33 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-10 04:33 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-10 04:33 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-10 04:33 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-10 04:33 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-10 04:32 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-10 04:32 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-10 04:32 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-10 04:32 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-10 04:31 - 2016-01-31 15:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-10 04:30 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-10 04:30 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-10 04:30 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-10 04:30 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-10 04:30 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-10 04:29 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-10 04:29 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 02:58 - 2016-03-09 02:58 - 00001238 _____ C:\Malewarebytes log 09 March 2016.txt
2016-03-08 17:17 - 2016-03-08 17:17 - 00001220 _____ C:\Malewarebytes log 08 March 2016.txt
2016-03-08 16:25 - 2016-03-27 03:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-08 16:24 - 2016-03-27 03:39 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-08 16:24 - 2016-03-27 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-08 16:24 - 2016-03-27 03:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-08 16:24 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-08 16:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-08 16:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-08 16:24 - 2016-03-08 16:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-08 16:16 - 2016-03-08 16:17 - 22908888 _____ (Malwarebytes ) C:\Users\Florian Robert\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-08 09:02 - 2016-03-08 09:03 - 00013824 ___SH C:\Users\Florian Robert\Desktop\Thumbs.db
2016-03-08 09:01 - 2016-03-08 09:01 - 00000000 ____D C:\Users\Florian Robert\Documents\ProcAlyzer Dumps
2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-03-07 12:34 - 2016-03-07 12:34 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-03-07 11:05 - 2016-03-07 11:05 - 00000000 ____D C:\Users\Florian Robert\Documents\Avast Config
2016-03-07 05:12 - 2015-07-05 14:49 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20160307-041220.backup
2016-03-06 18:52 - 2016-03-07 10:04 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\app
2016-03-06 12:56 - 2016-03-08 17:22 - 00001916 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2016-03-06 11:54 - 2016-03-06 11:54 - 01806364 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-04 11:42 - 2016-03-04 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotto Architect 2.2

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-28 02:36 - 2015-12-06 04:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-28 02:36 - 2014-09-12 10:36 - 00000000 ____D C:\Users\Florian Robert\OneDrive
2016-03-28 02:35 - 2015-06-26 05:39 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-28 02:35 - 2014-08-29 12:55 - 00000000 ____D C:\Users\Florian Robert
2016-03-28 02:34 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-27 12:27 - 2014-08-29 13:01 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-499248853-3292403601-2203723613-1001
2016-03-27 12:23 - 2014-09-10 11:17 - 00000344 _____ C:\Windows\lgfwup.ini
2016-03-27 12:22 - 2014-09-10 11:17 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2016-03-27 07:06 - 2016-02-23 12:42 - 00000632 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
2016-03-27 06:51 - 2016-02-23 12:42 - 00000728 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job
2016-03-27 06:46 - 2016-02-10 20:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-27 06:44 - 2015-06-26 05:39 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 06:28 - 2014-05-30 00:22 - 00784836 _____ C:\Windows\system32\perfh007.dat
2016-03-27 06:28 - 2014-05-30 00:22 - 00165004 _____ C:\Windows\system32\perfc007.dat
2016-03-27 06:28 - 2014-03-18 06:03 - 01814802 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-27 06:28 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-03-27 05:35 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-27 05:32 - 2015-02-02 06:49 - 00000000 ____D C:\AdwCleaner
2016-03-26 07:48 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-03-26 06:25 - 2014-09-10 08:16 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\CrashDumps
2016-03-26 05:29 - 2014-09-15 10:32 - 00000000 ____D C:\Users\Florian Robert\Documents\Registry changes log
2016-03-26 05:21 - 2015-05-18 04:03 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-26 04:45 - 2014-04-24 21:06 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 04:52 - 2015-04-09 06:38 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-24 04:52 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-03-24 04:50 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-24 01:56 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-23 14:16 - 2016-02-23 12:42 - 00003744 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001
2016-03-23 14:16 - 2016-02-23 12:42 - 00003648 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001
2016-03-23 03:47 - 2014-11-20 09:13 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 03:47 - 2014-11-20 09:12 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-22 13:41 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-22 05:29 - 2014-09-06 04:27 - 00000000 ____D C:\Users\Florian Robert\Documents\Outlook-Dateien
2016-03-21 07:25 - 2014-08-29 12:56 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\Packages
2016-03-21 04:58 - 2014-11-18 12:53 - 00000891 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-21 04:56 - 2016-02-12 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-21 04:53 - 2016-02-10 20:35 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-17 17:57 - 2014-09-12 11:02 - 00000000 ____D C:\Users\Florian Robert\AppData\Roaming\Skype
2016-03-16 10:22 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-16 10:17 - 2014-08-30 05:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-15 12:42 - 2014-08-31 04:54 - 00000054 _____ C:\Windows\NavWin.INI
2016-03-12 09:19 - 2014-11-20 09:14 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-12 09:19 - 2014-11-20 09:14 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-12 08:39 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-10 05:08 - 2013-08-22 10:44 - 00381504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 05:05 - 2015-04-15 05:40 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 04:43 - 2014-09-05 02:25 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-10 04:43 - 2014-09-05 02:25 - 00000000 ____D C:\Windows\system32\MRT
2016-03-08 17:23 - 2015-11-29 05:50 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-08 17:23 - 2015-09-14 13:23 - 00000778 _____ C:\Users\Public\Desktop\System Advisor Model (x64).lnk
2016-03-08 17:23 - 2015-07-20 03:02 - 00002643 _____ C:\Users\Public\Desktop\Stealth Trader v2.5.3.lnk
2016-03-08 17:23 - 2015-06-26 05:41 - 00002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-03-08 17:23 - 2014-12-23 13:07 - 00000890 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-03-08 17:23 - 2014-11-20 09:15 - 00002022 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-08 17:23 - 2014-11-04 13:38 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-03-08 17:23 - 2014-10-29 13:25 - 00001862 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-03-08 17:23 - 2014-10-29 13:01 - 00001367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-08 17:23 - 2014-10-29 13:01 - 00001349 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-08 17:23 - 2014-10-19 06:43 - 00002745 _____ C:\Users\Public\Desktop\MarginCalculator.exe.lnk
2016-03-08 17:23 - 2014-09-15 07:11 - 00000999 _____ C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2016-03-08 17:23 - 2014-09-02 02:14 - 00001778 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-03-08 17:23 - 2014-09-02 02:13 - 00001712 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-03-08 17:23 - 2014-08-31 04:53 - 00001735 _____ C:\Users\Public\Desktop\Trade Navigator.lnk
2016-03-08 17:23 - 2014-08-31 04:46 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-08 17:23 - 2014-08-31 04:46 - 00001117 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-08 17:23 - 2014-08-31 04:35 - 00000918 _____ C:\Users\Public\Desktop\AOL 9.0 VR.lnk
2016-03-08 17:23 - 2014-05-29 15:41 - 00001245 _____ C:\Users\Public\Desktop\Help and Support.lnk
2016-03-08 17:23 - 2014-04-24 21:14 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-08 17:22 - 2016-02-23 12:42 - 00002623 _____ C:\Users\Florian Robert\Desktop\GoToMeeting Quick Connect.lnk
2016-03-08 17:22 - 2015-01-07 07:11 - 00001647 _____ C:\Users\Florian Robert\Desktop\Canon MG3500 series Printer (LAMBARENE) - Verknüpfung.lnk
2016-03-08 17:22 - 2014-11-09 11:02 - 00001458 _____ C:\Users\Florian Robert\Desktop\gimp-2.8.exe - Verknüpfung.lnk
2016-03-08 17:22 - 2014-10-22 04:41 - 00002321 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert.lnk
2016-03-08 17:22 - 2014-10-22 04:41 - 00002271 _____ C:\Users\Florian Robert\Desktop\Convert.lnk
2016-03-08 17:22 - 2014-10-15 11:17 - 00003099 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2016-03-08 17:22 - 2014-09-15 07:11 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
2016-03-08 17:22 - 2014-09-15 03:25 - 00001176 _____ C:\Users\Florian Robert\Desktop\Genie Media Servers (Lambarene[Windows]) - Verknüpfung.lnk
2016-03-08 17:22 - 2014-08-29 12:56 - 00001276 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2016-03-08 17:22 - 2014-08-29 12:55 - 00000469 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-08 17:22 - 2014-08-29 12:55 - 00000467 _____ C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-08 17:20 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Camera
2016-03-08 03:00 - 2015-10-15 03:25 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:00 - 2015-10-15 03:25 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 10:37 - 2014-12-29 04:35 - 00000000 ____D C:\Users\Florian Robert\AppData\Local\PDFCreator
2016-03-04 03:58 - 2014-10-29 13:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-01 04:30 - 2014-11-20 09:14 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-20 09:30 - 2014-06-20 09:30 - 0005293 _____ () C:\Users\Florian Robert\AppData\Roaming\Margin.ini
2014-11-18 12:23 - 2014-12-10 13:45 - 0007168 _____ () C:\Users\Florian Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-09 05:57 - 2015-02-09 05:57 - 0001610 _____ () C:\Users\Florian Robert\AppData\Local\recently-used.xbel
2015-08-14 03:04 - 2015-08-14 03:04 - 0007605 _____ () C:\Users\Florian Robert\AppData\Local\Resmon.ResmonCfg
2014-05-29 15:11 - 2014-05-29 15:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Florian Robert\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Florian Robert\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-03-25 11:05

==================== Ende von FRST.txt ============================
 
Here is Addition.txt, part 1:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Florian Robert (2016-03-28 02:40:16)
Gestartet von C:\Users\Florian Robert\Desktop
Windows 8.1 (X64) (2014-08-29 16:55:45)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-499248853-3292403601-2203723613-500 - Administrator - Disabled)
Florian Robert (S-1-5-21-499248853-3292403601-2203723613-1001 - Administrator - Enabled) => C:\Users\Florian Robert
Gast (S-1-5-21-499248853-3292403601-2203723613-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-499248853-3292403601-2203723613-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.02.2002 - Acer Incorporated)
abFiles Shell Extension (HKLM-x32\...\{0E1996B9-B733-4096-8FD7-239850ED0B2A}) (Version: 2.00.3001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8103 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3010 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.103.2020.206 - Alps Electric)
AOL Deinstallation (HKLM-x32\...\AOL Deinstallation) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Convert (HKLM-x32\...\{23970E31-948B-466E-8376-1224D32FDF0C}) (Version: 4.10 - Joshua F. Madison)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
GenesisDependencyInstaller (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\1d1c516df34faca9) (Version: 3.2.1.40 - Microsoft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{2ff1a4b2-d080-4abd-a571-d0cef9664790}) (Version: 1.7.0.1011 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Joulemeter (HKLM-x32\...\{E043568C-1745-4C69-9D52-43F6E79EB03B}) (Version: 1.2.0 - Microsoft Research)
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
MainConceptDemoCodecs (HKLM-x32\...\{587CC611-95FA-442B-852D-A9B0DEC5C09B}) (Version: 1.01.0000 - Kummert GmbH)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarginCalculator (HKLM-x32\...\{07292B57-7EEB-4C68-8353-F2C03F6743E0}) (Version: 2.00.14000 - Eurex)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Grafiktreiber 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
SAM 2015.6.30 (HKLM\...\{4A0EDADE-6CE6-4CB4-907E-1401911B4D6D}_is1) (Version: - National Renewable Energy Laboratory)
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stealth Trader (HKLM-x32\...\{CE6E1500-5269-43C4-A27F-7EF642F806B1}) (Version: 2.5.3 - Epcylon Technologies, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinnaLotto (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
YouCam (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-499248853-3292403601-2203723613-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {043C04C0-912E-448F-9516-625F063EBDE9} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
Task: {1983AFC4-A91E-4338-A4E4-40606A7D34C1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {1E0C86D9-7717-418B-85BE-2151801B1F08} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {2B542F11-20B4-4B91-B8BA-F18531BDBF75} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-01-18] (Acer Incorporate)
Task: {2C264D81-BE2A-43BB-96C7-5508AA420BDB} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {2F02F91C-6817-4DA6-AA8A-AC9905A57956} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {351066C4-9910-4753-9921-D875855DB128} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {376E85C0-980F-4705-ABCF-32E2A31DE151} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)
Task: {38A47185-4F3D-41B3-839F-9D70B8F405F4} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
Task: {512A3B5F-7206-42CD-BCEC-D57628D69156} - System32\Tasks\SafeZone scheduled Autoupdate 1458719394 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
Task: {52ECB692-4B94-458B-8241-D436CFB282D1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {53306C79-0E98-4DD7-BFBB-AB4BCDE6BDC1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-21] (Adobe Systems Incorporated)
Task: {612E08FE-7398-4B89-BEEB-C22736E637DF} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {647F822C-5494-497D-9126-3EAF611C1AED} - System32\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6D6C0714-71EC-43F7-BB8A-6BDE5EE97DF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {70E30D3F-7F5A-4465-B3D4-FE57FF72C816} - System32\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {72CBF039-634D-4EB3-9FF0-D4242D961C7E} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {7DD729FA-E5F2-41F1-952E-4EDF5A7BEB26} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {81369795-B8A7-4282-AF85-36607ED59EAD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {833A8C49-7BA2-47F4-94FB-4EDCDAD6D4C7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {84A2C329-5D8A-4F1B-A486-37102291120B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
Task: {8516AB4D-CDB3-4941-B482-E741EFE1E2F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {8911D987-EA05-4426-9260-40C3ABF4013E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {8D6A02C4-DF12-4C14-84A5-85855FD8FF32} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {91835FDF-0EAA-44AB-A585-48BC7C6DAA76} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate)
Task: {9D4AE1C4-0189-4D31-A5B4-B900283B877C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {A4587FAC-2F27-40DD-B379-0025AEA88938} - System32\Tasks\Florian Robert DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {D7AFA013-901F-4AB8-9104-3ED5E1A2859D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {E053A28F-2488-46AE-AF68-51CCA551B9B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {E3B3D0C5-6CC1-4960-874E-33A0A8BAC849} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-499248853-3292403601-2203723613-1001 => C:\Users\Florian Robert\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-11-04] (Microsoft Corporation)
Task: {F071FE89-9903-4294-96D1-28B3F4B97842} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {F512499D-FBA8-4EF0-9B40-1B17B017C409} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-09] (AVAST Software)
Task: {FC50D263-9778-4E50-AD07-8E43C0153FEF} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-499248853-3292403601-2203723613-1001.job => C:\Users\Florian Robert\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-05-29 14:53 - 2014-03-24 08:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-06 04:01 - 2012-06-21 01:25 - 00113152 _____ () C:\Windows\System32\redmon64.dll
2013-09-04 14:13 - 2013-09-04 14:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-08-30 05:26 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-07 05:44 - 2015-07-07 05:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2015-12-03 07:43 - 2015-12-03 07:43 - 00369824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2014-05-29 15:29 - 2012-04-24 06:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-29 15:35 - 2014-01-03 08:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-07-08 12:53 - 2013-07-08 12:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2016-02-09 09:18 - 2016-02-09 09:18 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-09 09:18 - 2016-02-09 09:18 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-27 06:24 - 2016-03-27 06:24 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16032701\algo.dll
2016-02-09 09:18 - 2016-02-09 09:18 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-28 02:36 - 2016-03-28 02:36 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16032702\algo.dll
2014-10-29 13:00 - 2014-05-13 07:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-29 13:00 - 2014-05-13 07:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-29 13:00 - 2014-05-13 07:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-29 13:00 - 2012-08-23 05:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-29 13:00 - 2012-04-03 12:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-03-09 08:21 - 2011-03-09 08:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 08:21 - 2011-03-09 08:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-12-06 04:21 - 2015-12-06 04:21 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-15 06:55 - 2016-02-22 22:25 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-15 06:42 - 2016-02-22 22:23 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-12-03 10:21 - 2015-12-03 10:21 - 00202456 _____ () C:\Program Files (x86)\Acer\abMedia\curllib.dll
2015-12-03 10:23 - 2015-12-03 10:23 - 00654000 _____ () C:\Program Files (x86)\Acer\abMedia\sqlite3.dll
2015-12-03 10:23 - 2015-12-03 10:23 - 00641240 _____ () C:\Program Files (x86)\Acer\abMedia\tag.dll
2015-12-03 10:23 - 2015-12-03 10:23 - 00119000 _____ () C:\Program Files (x86)\Acer\abMedia\OpenLDAP.dll
2016-02-05 15:06 - 2016-02-05 15:06 - 00015064 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-01-14 18:12 - 2016-01-14 18:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-01-14 18:11 - 2016-01-14 18:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-23 13:44 - 2015-11-23 13:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2016-01-19 16:06 - 2016-01-19 16:06 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-01-19 16:06 - 2016-01-19 16:06 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2014-05-29 14:55 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
Here is Part 2 of Additions.txt:
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

Da befinden sich 7872 mehr Seiten.

Da befinden sich 7872 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 09:25 - 2016-03-07 05:12 - 00451004 ____R C:\Windows\system32\Drivers\etc\hosts

Da befinden sich 15471 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-499248853-3292403601-2203723613-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "FreePDF Assistant"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-499248853-3292403601-2203723613-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BE63103F-01FE-4676-8B94-97D7DC811EC5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{528BC9F1-A002-4ECF-9F06-1A777F61C024}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{1B781FC7-4111-4EC1-9A81-7C5202337095}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AEC31969-333F-40C6-A19B-573BC8622596}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ADEE17FA-9B20-4698-A30F-DF632BAFB8E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E84B5257-4EA8-4495-ACEE-02B49E7A1E21}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{BA38BBD5-5942-4246-A968-37972E3F5654}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{D57CC8DF-6A80-4F40-B14A-C4EF81BC03C4}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{63FA8E33-7307-4637-96BC-42B4570236AF}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{E283BB9B-4C7F-4707-B7A7-DA251AEB87D7}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{E20EF89D-36B3-4D32-A69B-FE8471EB0BF2}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{518B10CC-5BCE-47F9-8B4A-0FDFF7083F3D}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
FirewallRules: [{84645464-4B73-4F87-9287-60D56F609122}] => (Allow) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
FirewallRules: [{1A945F5A-9CF6-4649-B28C-B7521349F578}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A2034403-65A3-4FAC-A780-B83C4837CB90}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{AE7EA85D-1AAD-4E96-8E30-786DEFC31BC0}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{27A73335-38CB-473B-8719-3F89C3588F3C}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{3E062DC1-DBDA-4906-A7AC-EE6B9EAFC95F}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{6D5DB314-940C-4545-A2BC-BBC5CEFA27FC}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{2D2B4A18-FC98-49E3-BADA-F89C6BA5817E}] => (Allow) LPort=8888
FirewallRules: [{7E5C0E00-F608-4F40-BFE0-58FBA197FE4B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{158D565F-2419-4588-A26F-905FEC645665}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CFD355E3-DD15-42FE-861A-E0CBE1511910}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B8CD7291-1844-4BF7-BAC1-0C3C31F20E73}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6B6D5368-7C75-4DC5-8E5C-4019E1D2812D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DC807A60-CACA-4A62-B954-3839B9656727}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DD59612C-C005-4513-917C-FB78A8A7CA2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DFA8515A-B676-480B-AC7B-5A55E745A4BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A0FB273A-11A8-4A30-8031-F80B0533EF6F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{13CD43FF-4354-414D-9E61-9256B9D034D6}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{5DBA44E4-BC86-41DF-8656-D5F69171780E}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{23E3590C-EDF8-435A-904C-00B66EBEC9C1}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{51512AF6-109A-47E4-9291-3DFFD9F28E2A}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{ABC1AD0D-94D6-4C5B-8B21-8880546513CF}] => (Allow) C:\Program Files (x86)\Common Files\aol\1409474061\ee\aolsoftware.exe
FirewallRules: [{439882BE-72FB-49BE-8DCF-76FFEB4DBF54}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{A61CAB5D-CEA7-4199-9163-33190848D109}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{8D682E05-E80B-4411-A4C0-60CF78AA5D5B}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{6710D04F-8592-44DF-AFF6-6177A73D7BD9}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{D7ECA97D-7AC5-4D49-AA9C-F53AB9A7AC07}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{08B72412-0F80-4ED1-B85C-851E4B153342}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{1F4D17B4-4E5D-45A4-B073-E9A1704A8D8D}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{7827D62E-89F8-494E-9B58-37B3A3169CBA}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{CE064D7C-0584-407A-93DB-BE0062827D51}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{BDF7047E-0755-4460-93AA-8E018DC7C774}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{1B90EE3C-2C85-44CE-9A9E-E594814EC60F}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{4BD0D59F-776D-4236-BD8C-B2897A74A348}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{406D9472-5134-4699-A54F-6B2D264CCC91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{84FDCAAE-AF87-474E-B31F-6A4C41FB170F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A186846E-3CC9-4BED-B766-FE5DB5012C64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A5A7918D-CCA9-456A-A26F-DC07569C72FB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C953820C-8A83-4BF2-BF9B-9CD18405DB56}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F739AE1-CB87-4BED-BC60-F40E173A7F92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EB636362-36CF-4239-BE33-6D60C5B21451}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EA0876E7-7883-435C-9D40-5CE5BE1976DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F4218BE4-F7FD-417A-9319-DF3430D0E989}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{596B9E55-4EC4-4A29-ACB4-5B864FC98E81}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5C98BB30-90E6-479A-ABB3-D5F02B8C6E72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4441C552-9E32-4825-BBA5-1B748024AEEB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{48DAB9D6-EF45-40D9-9656-1E780A1BCBA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{57D0ADA1-1D63-445F-ACBD-0371C1A9678E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{974439C0-8264-4F7B-895C-B0DE38038E32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E92BFC83-C73F-471C-B655-F099F0462C44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{25EE1910-5A61-4F84-AED2-A85043F6E66C}] => (Allow) LPort=8888
FirewallRules: [{67A2A0FC-70AF-4C6D-B8F0-1A4AAADB8597}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B4FB5395-208C-403E-A8CF-9F2762F56CFD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2A4FA544-A387-4176-B193-FD060E9C1BE0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{50D1D61A-778A-4E95-91F7-E8C5E0C2A609}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EBB9CAED-0AF6-4C08-924C-F9BCE2D018C4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DFA1C554-1F5B-4CAB-BE6B-0E9EE3EB72AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0792797F-73BB-473F-BAB9-0542A25CCFDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D8D8BCF3-5560-4F80-8550-5D82C194F925}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{14593135-DE9B-420F-B3D1-94BA9B809274}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0C1AD51E-92B8-42E7-8D89-9F02D83909BB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{119F7757-D5DB-442B-B993-7C83585F19E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B9493091-11E9-4366-8515-A74C38418D2C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C84C1DF6-BAAE-43AB-9118-2F86C848C3EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A97A83AA-91D6-4A0E-9E18-18BBE783D9AE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D21911CC-25EC-4D93-B6E4-9E891E24FDF3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AA4AA449-5FB8-43A7-91F8-76C76F2B7DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{86154076-E317-4026-9051-EAFBC8DE63AB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A1621378-B077-4F25-A98E-F66E2A0CE46D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{41C79DCC-0ACA-4C75-97A5-E891251C65E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{45D86E81-2142-4956-B5FB-92E62060473A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B97B6753-C820-4FC3-B638-05C4A6ACB72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7E618D33-0C92-4AFA-B165-31B81C95278D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DB079ABF-600C-49EF-B69B-6A464D92A006}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8BC5D5A8-95F2-4741-81D7-C844EF1E878A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1DA4E5A4-59DD-4F2A-B130-8D78E5BCC94B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{98D39DD7-F072-4189-9B1C-9437865A5DE8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D36BB8DD-DC10-4F77-B194-08F80BCA1709}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73DD00CD-0919-4AF0-B205-6D099A9FFCBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{946CDC96-66DA-455A-A1E8-5AA170CA93D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{69FF58EC-3CE4-4A68-9C60-5835C800D8FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5EBDDDB7-690F-483D-B869-13B7D02A91F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6013E745-1042-499D-9D99-B3D33B877D3C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CFCEBB1F-48AA-440A-A67A-18DF91B569E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8ABC8A64-70DA-4B4B-BB84-C2DA6E27EB3B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C728CDAA-8B85-4507-909E-472583D73A21}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D5F9ED46-03B8-495B-A3F5-46DEF918004D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DD6985B1-9CC6-49BB-A13A-04A733229AA1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{020A4680-3E89-446D-B700-0105D6F30E5B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{84FEDEFD-E9D2-4E47-81DE-B233169D0D85}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BF7088D1-5125-4D2D-B7A9-FB1B491B9AFB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F96413CC-E9C9-4995-AD4D-076D5F71A5E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{88EB3689-CB2A-4F69-AF64-BDC22C035019}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1452F46A-990F-4866-813A-3BE3CEFD6556}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{47368D5A-753D-4930-B7E5-3C1579DC3D7D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1C4F7991-659F-45E5-850B-D35A27D664A1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DA87CF50-5225-40C8-8D73-F41D2053BEE2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1A0CE8E7-6E14-4813-A948-B3C595A59241}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4BAC57A9-0013-4526-BF17-53D2F42726F0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B77D79B6-DB55-4513-B5CF-2A532B760D32}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E5230FC5-F456-4228-B6D9-814B5E19B3A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{655279DD-0935-4649-8FD2-8B7A4743490C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A09F8F39-C76E-4360-8AE2-7BDE4B318E86}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C325ED5F-CF76-453E-9B1B-7C396EDFFA0A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8A6C666E-715E-4107-9715-30900496197E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74349A4D-B31B-4AA8-BBB5-63475FC25E92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C6F77A8-04A7-410B-BD3F-BEE3A1424C55}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1C5711A9-0EFD-4178-9307-2D7C3DA9450A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{00CD2CA3-24C0-41FA-8551-0573D82880BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8236F01C-98F5-4CB3-A832-F7FF77D1942A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{51C75DAB-9576-4982-B15A-8B887F7B345A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A0B098E2-7A24-4325-994C-33B12EB22232}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{34B73CEA-8E5B-482E-8DFF-5DCA2A8B7EBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AE915E69-A811-44CD-92AE-CFE2F151ED91}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{C6A8CDB9-B617-40C1-94BA-54CD7525ADD1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EECF6088-A320-48E9-A39A-F5051E90BFA6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

08-03-2016 11:18:04 Intel(R) Technology Access
11-03-2016 13:48:14 Windows Update
24-03-2016 04:40:26 Windows Update
27-03-2016 05:55:39 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/26/2016 07:05:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
Name des fehlerhaften Moduls: EXCEL.EXE, Version: 15.0.4805.1001, Zeitstempel: 0x56c432bb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00068798
ID des fehlerhaften Prozesses: 0x1848
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3
Vollständiger Name des fehlerhaften Pakets: EXCEL.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: EXCEL.EXE5

Error: (03/26/2016 06:25:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 45.0.1.5918, Zeitstempel: 0x56e8b7df
Name des fehlerhaften Moduls: mozglue.dll, Version: 45.0.1.5918, Zeitstempel: 0x56e8a981
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000f0ea
ID des fehlerhaften Prozesses: 0x2510
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (03/26/2016 06:25:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 45.0.1.5918 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ac4

Startzeit: 01d187421ddcfd0b

Endzeit: 366

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: fde30c5d-f33c-11e5-86bc-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/24/2016 05:40:10 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-499248853-3292403601-2203723613-1001}/">.

Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801)

Error: (03/24/2016 05:38:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Details:
Die Daten sind unzulässig. 0x8007000d (0x8007000d)

Error: (03/23/2016 06:27:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Seagate.Dashboard.DASWindowsService.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Management.ManagementException
Stapel:
bei System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
bei System.Management.SinkForEventQuery.Cancel()
bei System.Management.ManagementEventWatcher.Stop()
bei System.Management.ManagementEventWatcher.Finalize()

Error: (03/23/2016 03:04:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CLVIEW.EXE, Version 15.0.4801.1000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a00

Startzeit: 01d18536b95b0d9b

Endzeit: 18

Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\CLVIEW.EXE

Berichts-ID: fcfd7070-f129-11e5-86b2-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/23/2016 04:12:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 120

Startzeit: 01d184d79c1793e8

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 34120cd4-f0ce-11e5-86b1-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/23/2016 04:06:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm EXCEL.EXE, Version 15.0.4805.1001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 85c

Startzeit: 01d184d8586be741

Endzeit: 131

Anwendungspfad: C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE

Berichts-ID: 290075e0-f0ce-11e5-86b1-c4544477a64a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (03/28/2016 02:34:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 27.03.2016 um 22:20:58 unerwartet heruntergefahren.

Error: (03/27/2016 12:26:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error: (03/27/2016 12:22:21 PM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/27/2016 12:22:21 PM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/27/2016 12:22:19 PM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/27/2016 06:25:02 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (03/27/2016 06:25:01 AM) (Source: DCOM) (EventID: 10016) (User: FLORIAN)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}FlorianFlorian RobertS-1-5-21-499248853-3292403601-2203723613-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
Date: 2014-11-20 08:00:20.317
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-20 07:46:58.286
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 8072.27 MB
Verfügbarer physikalischer RAM: 6075.13 MB
Summe virtueller Speicher: 9352.27 MB
Verfügbarer virtueller Speicher: 7131.64 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:898.59 GB) (Free:691.59 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1CCF8D51)

Partition: GPT.

==================== Ende von Addition.txt ============================
 
Dear Bruni, thanks for your patience. From my limited knowledge I deduce that there is damage to EXCEL and other places. What can I do to "undo" or correct these defects?
What is your advice?
 
I deduce that there is damage to EXCEL and other places
Not sure what you mean...

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.1 KB
Hi Bruni, you wrote:
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

I ran FRST64.exe but there is no "FIX" button. I have four choices: Scan, File search, Registry search and Remove.

I pressed "Scan" and it generated another FRST.txt file.

Am I missing something?
 