
Pests of all kinds and how to combat them: Windows 7: PUA/Somoto.Gen

12.04.2015, 18:46   #1
Vega27
 



Hello everyone,

my antivirus program has just reported the detection "PUA/Somoto.Gen" and moved it to quarantine. I work in a separate, restricted account. Only the FRST scan could be carried out, because deactivating the antivirus program for the GMER scan is not possible; the attempt always ends with the message: "Auf das angegebene Geräte, bzw. den Pfad oder die Datei konnte nicht zugegriffen werden." [The specified device, path or file could not be accessed.] In addition, attempting to switch users ends in a black screen. After a restart I am now in the administrator's user account; deactivating AntiVir is not possible here either.

Many thanks in advance for any help!

Below is the FRST scan.

FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by ACER (administrator) on FLORIAN on 12-04-2015 19:05:44
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER & Florian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
( ) C:\Windows\System32\lxeacoms.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-11-12] (Raptr, Inc)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\EXPERT~1.scr
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Hosts: 127.0.0.1 hansesim.local
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ACER\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-02-28] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-18]

Chrome: 
=======
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-14]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
StartMenuInternet: Google Chrome - C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MySQLServer; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14241 2013-05-26] () [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 Origin Client Service; C:\Games\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 19:05 - 2015-04-12 19:07 - 00019245 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Downloads\FRST64.exe
2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2015-04-12 19:02 - 2015-04-12 19:02 - 00000000 ____D () C:\Users\ACER\AppData\Local\Macromedia
2015-04-12 18:59 - 2015-04-12 19:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Mozilla
2015-04-12 18:44 - 2015-04-12 18:44 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe
2015-04-12 18:20 - 2015-04-12 18:21 - 00045174 _____ () C:\Users\Florian\Desktop\Addition.txt
2015-04-12 18:18 - 2015-04-12 18:21 - 00030311 _____ () C:\Users\Florian\Desktop\FRST.txt
2015-04-12 18:17 - 2015-04-12 19:05 - 00000000 ____D () C:\FRST
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2015-04-09 21:26 - 2015-04-09 21:27 - 31462447 _____ () C:\Users\Florian\Downloads\offline-SWTARC.zip
2015-04-07 18:20 - 2015-04-07 18:22 - 08157098 _____ () C:\Users\Florian\Downloads\apache-tomcat-7.0.33.zip
2015-04-07 14:45 - 2015-04-07 14:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\JetBrains
2015-04-07 14:44 - 2015-04-07 14:44 - 00000000 ____D () C:\Users\Florian\.AndroidStudio
2015-04-07 14:43 - 2015-04-07 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-04-07 11:57 - 2015-04-07 12:20 - 856233768 _____ (Google Inc.) C:\Users\Florian\Downloads\android-studio-bundle-135.1740770-windows.exe
2015-04-06 20:10 - 2015-04-06 20:10 - 00000000 ____D () C:\Users\Florian\Documents\Visual Studio 2010
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 12:39 - 2015-04-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Thunderbird
2015-03-31 16:11 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-31 10:45 - 2015-03-31 18:29 - 00205126 _____ () C:\Windows\PFRO.log
2015-03-30 12:32 - 2015-03-30 12:32 - 00000183 _____ () C:\Users\Florian\Downloads\100373742194.sdx
2015-03-30 12:26 - 2015-03-30 12:27 - 13782032 _____ (Microsoft Corporation) C:\Users\Florian\Downloads\vssdk_full.exe
2015-03-30 12:19 - 2015-03-31 15:40 - 00036133 _____ () C:\Users\Florian\Downloads\SecureDownloadManager.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 19:03 - 2012-08-16 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 19:00 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:00 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 18:59 - 2012-10-28 13:24 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Mozilla
2015-04-12 18:58 - 2013-08-24 23:04 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Avira
2015-04-12 18:57 - 2012-01-11 13:13 - 01953147 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 18:56 - 2013-12-09 16:06 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Raptr
2015-04-12 18:54 - 2012-03-17 19:09 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Adobe
2015-04-12 18:53 - 2012-03-17 18:48 - 00067408 _____ () C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 18:52 - 2013-03-08 19:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 18:52 - 2012-03-17 18:49 - 00001429 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-12 18:51 - 2014-10-17 11:19 - 00005544 _____ () C:\Windows\setupact.log
2015-04-12 18:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 18:10 - 2013-03-08 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 10:54 - 2012-08-03 21:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Adobe
2015-04-09 01:47 - 2012-08-28 02:58 - 00000000 ____D () C:\Aktien
2015-04-08 20:39 - 2015-01-04 20:15 - 00000000 ____D () C:\Users\Florian\.android
2015-04-08 09:57 - 2012-07-28 20:54 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla
2015-04-07 18:23 - 2012-07-29 13:44 - 00000000 ____D () C:\Tools
2015-04-07 14:44 - 2012-07-27 17:22 - 00000000 ____D () C:\Users\Florian
2015-04-06 20:07 - 2014-10-08 15:37 - 00000034 _____ () C:\Users\Florian\AppData\Roaming\AdobeWLCMCache.dat
2015-04-06 18:59 - 2012-12-06 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-31 16:17 - 2012-11-03 01:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2015-03-31 16:11 - 2012-11-03 01:43 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 10:58 - 2012-03-17 18:47 - 00000000 ____D () C:\Users\ACER
2015-03-31 10:45 - 2013-07-15 15:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 18:15 - 2012-01-11 21:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 18:15 - 2012-01-11 21:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 18:15 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 14:44 - 2014-08-23 14:48 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-03-15 13:03 - 2014-09-29 00:57 - 00000962 _____ () C:\Users\Florian\Desktop\Studienorganisator Semester II.lnk
2015-03-13 12:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2014-10-01 15:24 - 2014-10-01 15:24 - 0000218 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel
2013-05-14 15:54 - 2014-10-17 11:16 - 0007619 _____ () C:\Users\ACER\AppData\Local\Resmon.ResmonCfg
2012-07-18 23:16 - 2012-07-18 23:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-11 13:32 - 2012-01-11 13:35 - 0015131 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-08-23 14:48 - 2014-08-23 14:48 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-09-02 15:28 - 2014-10-16 12:00 - 0002520 _____ () C:\ProgramData\lxea.log
2014-08-23 14:48 - 2014-12-31 13:58 - 0001714 _____ () C:\ProgramData\lxeaJSW.log
2014-08-23 14:44 - 2014-10-17 10:16 - 0009510 _____ () C:\ProgramData\lxeascan.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-07-27 17:01 - 2012-07-27 17:02 - 0000032 _____ () C:\ProgramData\PS.log
2014-08-23 14:43 - 2014-08-23 14:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\ACER\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\Cleanup.dll
C:\Users\ACER\AppData\Local\Temp\difxapi.dll
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2jp2ns.dll
C:\Users\Florian\AppData\Local\Temp\FileSystemView.dll
C:\Users\Florian\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 15:48

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by ACER at 2015-04-12 19:07:40
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version:  - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astah Community 6.6.3 (HKLM\...\astah* community_is1) (Version:  - Change Vision, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BaseX (HKLM-x32\...\BaseX) (Version:  - BaseX Team)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.3.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version:  - ES-Computing)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.4.2046 - OpenSight Software LLC)
flatex fx (HKLM-x32\...\flatex fx) (Version: 4.00 - MetaQuotes Software Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.27 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.27 - Alliance Software Pty Ltd) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{c81217f5-344b-4b07-895e-97468942d363}) (Version: 12.0.30501 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 14.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 14.0 (x86 de)) (Version: 14.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MySQL Installer (HKLM-x32\...\{2D6DCDB3-9D02-4ED9-A67C-C76DB4682DE1}) (Version: 1.2.0.0 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{E292EB4D-988D-42CE-B042-68E7A83603BA}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pencil (HKLM-x32\...\Pencil) (Version:  - Evolus Co., Ltd.)
PlanetSide 2 (HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.8-1.0.4843.13 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Talend Open Studio (HKLM-x32\...\Talend Open Studio) (Version:  - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File

==================== Restore Points  =========================

03-04-2015 13:46:01 Windows Update
04-04-2015 21:22:10 Windows Update
10-04-2015 10:15:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-03-28 15:31 - 00000850 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 hansesim.local

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18B95E93-9A92-49A0-A60B-174EDAED8388} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {22F0D562-947D-45A6-BBC0-B46251ED59F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28BE3017-4CB2-4193-B484-1E9354EC376B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A85C90A-9A6A-4379-88A9-512E8D3B284A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33EE17E5-0CFA-4F01-9C86-344AD3C1A4FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {49BB2F0B-854C-49DC-A726-619E30483D11} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {5A45B0A1-41F4-4BEB-87B2-4EE3609A60C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5A6E3495-EFC9-4400-A5F3-37F10BFB97F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {83F55C03-B4BC-43B2-A412-F6219BCFBC47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {C567C572-5BF9-4D53-8528-910409FE3CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {DAA0B56D-E6B0-4322-80B4-EFC67E1BB9EF} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-Florian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {E0421B5D-B4C6-433C-A613-37CEF1A3B262} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-23 14:45 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-15 19:11 - 2014-09-24 17:28 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 22:27 - 2015-01-07 22:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2012-06-22 23:53 - 2012-06-22 23:53 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2012-06-22 23:24 - 2012-06-22 23:24 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2012-06-22 23:39 - 2012-06-22 23:39 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2012-06-22 23:55 - 2012-06-22 23:55 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 22:28 - 2012-02-06 22:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 21:01 - 2011-05-10 21:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2012-06-22 23:59 - 2012-06-22 23:59 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2012-10-27 09:53 - 2012-10-27 09:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-02-03 18:32 - 2015-02-03 18:32 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AMDCleanup => C:\Grafiktreiber\AMDCleanupUtil.exe silent
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Accounts: =============================

ACER (S-1-5-21-2040030199-1763219053-3685502851-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-2040030199-1763219053-3685502851-500 - Administrator - Disabled)
Florian (S-1-5-21-2040030199-1763219053-3685502851-1001 - Limited - Enabled) => C:\Users\Florian
Gast (S-1-5-21-2040030199-1763219053-3685502851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2040030199-1763219053-3685502851-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2711282

Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2711282

Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9127

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9127

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114


System errors:
=============
Error: (04/12/2015 06:51:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 06:51:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/12/2015 06:51:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeaCATSCustConnectService erreicht.

Error: (04/12/2015 06:51:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (04/12/2015 06:51:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎04.‎2015 um 18:50:43 unerwartet heruntergefahren.

Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/11/2015 03:11:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxeaCATSCustConnectService erreicht.

Error: (04/11/2015 03:11:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (04/11/2015 10:53:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MySQLServer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2711282

Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2711282

Error: (04/12/2015 03:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10265

Error: (04/12/2015 03:02:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9127

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9127

Error: (04/12/2015 03:02:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 03:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7114


CodeIntegrity Errors:
===================================
  Date: 2013-09-07 18:26:10.022
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-09-07 18:26:09.944
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 13:27:31.933
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 13:27:31.855
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 13:26:53.152
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 13:26:53.052
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 13:23:50.733
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 13:23:50.624
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 12:50:30.437
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-25 12:50:30.359
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7654.11 MB
Available physical RAM: 5389.57 MB
Total Pagefile: 15306.41 MB
Available Pagefile: 12879.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:682.42 GB) (Free:497.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34F575C0)
Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
The scans were run in the administrator's user account.

Thank you very much!

---
EDIT: A brief addendum: the problem with deactivating the AntiVir program could be solved after all. Explicitly starting the program "as administrator" granted the required access permission. Previously, oddly enough, it worked without this extra step.

Below is the GMER scan as well.

Gmer.txt:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-12 19:41:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 WDC_WD75 rev.01.0 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\ACER\AppData\Local\Temp\axldypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                 0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                   0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                 0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                 000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                    00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17             00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                    000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17             0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                   000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                        0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                 000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                   0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                      000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                   00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                 00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20             00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[1328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31             00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                              0000000070ca17fa 2 bytes CALL 74b611a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                          0000000070ca1860 2 bytes CALL 74b611a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                        0000000070ca1942 2 bytes JMP 765f7089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                       0000000070ca194d 2 bytes JMP 765fcba6 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                  0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                   00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                            00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                   000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                            0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                  000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                       0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                  0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                     000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                  00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                            00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                            00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17               00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17               000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                   0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                 000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                              0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                              0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                              000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                 00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                          00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                 000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                          0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                     0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                              000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                   000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                              00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                          00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Launch Manager\LManager.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                          00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17        0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17          0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17        0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42        000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17           00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17    00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17           000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17    0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17          000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17               0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17        000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17          0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17             000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17          00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17        00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20    00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31    00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42         000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[3720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31     00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[2880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[4744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                       0000000077131401 2 bytes JMP 74b8b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                         0000000077131419 2 bytes JMP 74b8b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                       0000000077131431 2 bytes JMP 74c08ea9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                       000000007713144a 2 bytes CALL 74b648ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                           * 9
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000771314dd 2 bytes JMP 74c087a2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                   00000000771314f5 2 bytes JMP 74c08978 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007713150d 2 bytes JMP 74c08698 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                   0000000077131525 2 bytes JMP 74c08a62 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                         000000007713153d 2 bytes JMP 74b7fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000077131555 2 bytes JMP 74b868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                       000000007713156d 2 bytes JMP 74c08f61 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                         0000000077131585 2 bytes JMP 74c08ac2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007713159d 2 bytes JMP 74c0865c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                         00000000771315b5 2 bytes JMP 74b7fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                       00000000771315cd 2 bytes JMP 74b8b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                   00000000771316b2 2 bytes JMP 74c08e24 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe[1956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                   00000000771316bd 2 bytes JMP 74c085f1 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----
         

12.04.2015, 18:50   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


12.04.2015, 19:29   #3
Vega27
 



Hello Schrauber,

I ran the scan as instructed.

Code:
ComboFix 15-04-09.01 - ACER 12.04.2015  20:02:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7654.5311 [GMT 2:00]
ausgeführt von:: c:\users\ACER\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\ACER\AppData\Roaming\.#
c:\users\ACER\AppData\Roaming\.#\MBX@1034@1E82900.###
c:\users\ACER\AppData\Roaming\.#\MBX@1034@1E82930.###
c:\users\ACER\AppData\Roaming\.#\MBX@1034@1E82960.###
c:\users\ACER\AppData\Roaming\.#\MBX@1060@1C2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@1060@1C2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@1060@1C2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@1088@232900.###
c:\users\ACER\AppData\Roaming\.#\MBX@1088@232930.###
c:\users\ACER\AppData\Roaming\.#\MBX@1088@232960.###
c:\users\ACER\AppData\Roaming\.#\MBX@1168@1F72900.###
c:\users\ACER\AppData\Roaming\.#\MBX@1168@1F72930.###
c:\users\ACER\AppData\Roaming\.#\MBX@1168@1F72960.###
c:\users\ACER\AppData\Roaming\.#\MBX@1234@2012900.###
c:\users\ACER\AppData\Roaming\.#\MBX@1234@2012930.###
c:\users\ACER\AppData\Roaming\.#\MBX@1234@2012960.###
c:\users\ACER\AppData\Roaming\.#\MBX@1290@292900.###
c:\users\ACER\AppData\Roaming\.#\MBX@1290@292930.###
c:\users\ACER\AppData\Roaming\.#\MBX@1290@292960.###
c:\users\ACER\AppData\Roaming\.#\MBX@132C@2072900.###
c:\users\ACER\AppData\Roaming\.#\MBX@132C@2072930.###
c:\users\ACER\AppData\Roaming\.#\MBX@132C@2072960.###
c:\users\ACER\AppData\Roaming\.#\MBX@137C@2012900.###
c:\users\ACER\AppData\Roaming\.#\MBX@137C@2012930.###
c:\users\ACER\AppData\Roaming\.#\MBX@137C@2012960.###
c:\users\ACER\AppData\Roaming\.#\MBX@13F0@1FC2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@13F0@1FC2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@13F0@1FC2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@348@1D2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@348@1D2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@348@1D2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@448@1F32900.###
c:\users\ACER\AppData\Roaming\.#\MBX@448@1F32930.###
c:\users\ACER\AppData\Roaming\.#\MBX@448@1F32960.###
c:\users\ACER\AppData\Roaming\.#\MBX@4E8@282900.###
c:\users\ACER\AppData\Roaming\.#\MBX@4E8@282930.###
c:\users\ACER\AppData\Roaming\.#\MBX@4E8@282960.###
c:\users\ACER\AppData\Roaming\.#\MBX@5A8@20B2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@5A8@20B2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@5A8@20B2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@634@3B2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@634@3B2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@634@3B2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@73C@2092900.###
c:\users\ACER\AppData\Roaming\.#\MBX@73C@2092930.###
c:\users\ACER\AppData\Roaming\.#\MBX@73C@2092960.###
c:\users\ACER\AppData\Roaming\.#\MBX@948@20D2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@948@20D2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@948@20D2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@A38@1EE2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@A38@1EE2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@A38@1EE2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@C50@2F2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@C50@2F2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@C50@2F2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@CE0@262900.###
c:\users\ACER\AppData\Roaming\.#\MBX@CE0@262930.###
c:\users\ACER\AppData\Roaming\.#\MBX@CE0@262960.###
c:\users\ACER\AppData\Roaming\.#\MBX@D10@1F42900.###
c:\users\ACER\AppData\Roaming\.#\MBX@D10@1F42930.###
c:\users\ACER\AppData\Roaming\.#\MBX@D10@1F42960.###
c:\users\ACER\AppData\Roaming\.#\MBX@E38@1F62900.###
c:\users\ACER\AppData\Roaming\.#\MBX@E38@1F62930.###
c:\users\ACER\AppData\Roaming\.#\MBX@E38@1F62960.###
c:\users\ACER\AppData\Roaming\.#\MBX@E38@292900.###
c:\users\ACER\AppData\Roaming\.#\MBX@E38@292930.###
c:\users\ACER\AppData\Roaming\.#\MBX@E38@292960.###
c:\users\ACER\AppData\Roaming\.#\MBX@E80@1DD2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@E80@1DD2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@E80@1DD2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@EBC@672900.###
c:\users\ACER\AppData\Roaming\.#\MBX@EBC@672930.###
c:\users\ACER\AppData\Roaming\.#\MBX@EBC@672960.###
c:\users\ACER\AppData\Roaming\.#\MBX@EE4@1F32900.###
c:\users\ACER\AppData\Roaming\.#\MBX@EE4@1F32930.###
c:\users\ACER\AppData\Roaming\.#\MBX@EE4@1F32960.###
c:\users\ACER\AppData\Roaming\.#\MBX@F10@1EE2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@F10@1EE2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@F10@1EE2960.###
c:\users\ACER\AppData\Roaming\.#\MBX@F84@922900.###
c:\users\ACER\AppData\Roaming\.#\MBX@F84@922930.###
c:\users\ACER\AppData\Roaming\.#\MBX@F84@922960.###
c:\users\ACER\AppData\Roaming\.#\MBX@FDC@2C2900.###
c:\users\ACER\AppData\Roaming\.#\MBX@FDC@2C2930.###
c:\users\ACER\AppData\Roaming\.#\MBX@FDC@2C2960.###
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-12 bis 2015-04-12  ))))))))))))))))))))))))))))))
.
.
2015-04-12 17:02 . 2015-04-12 17:02	--------	d-----w-	c:\users\ACER\AppData\Local\Macromedia
2015-04-12 16:59 . 2015-04-12 17:00	--------	d-----w-	c:\users\ACER\AppData\Local\Mozilla
2015-04-12 16:17 . 2015-04-12 17:08	--------	d-----w-	C:\FRST
2015-04-12 15:28 . 2015-04-12 15:28	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D8898F-95A5-458B-86DE-AE3C290B78AE}\offreg.dll
2015-04-10 08:16 . 2015-03-14 10:02	12002392	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D8898F-95A5-458B-86DE-AE3C290B78AE}\mpengine.dll
2015-04-07 12:45 . 2015-04-07 12:45	--------	d-----w-	c:\users\Florian\AppData\Roaming\JetBrains
2015-04-07 12:44 . 2015-04-07 12:44	--------	d-----w-	c:\users\Florian\.AndroidStudio
2015-04-04 19:22 . 2015-04-04 19:22	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-04 19:22 . 2015-04-04 19:22	--------	d-s---w-	c:\windows\system32\GWX
2015-04-04 10:39 . 2015-04-05 07:17	--------	d-----w-	c:\program files (x86)\Thunderbird
2015-03-30 10:23 . 2015-03-30 10:23	--------	d-----w-	c:\programdata\regid.1991-06.com.microsoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-12 02:01 . 2012-08-15 10:56	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-11 08:38	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:56 . 2015-03-11 08:38	155576	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42 . 2015-03-11 08:38	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 08:38	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 08:38	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 08:38	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 08:38	341504	----a-w-	c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 08:38	28160	----a-w-	c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 08:38	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 08:38	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 08:38	728064	----a-w-	c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 08:38	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 08:38	22016	----a-w-	c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 08:38	31232	----a-w-	c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 08:38	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 08:38	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 08:38	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 08:38	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 08:38	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 08:38	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 08:38	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 08:38	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 08:38	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 08:38	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 08:38	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 08:38	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 08:38	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 08:38	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 08:38	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 08:38	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 08:38	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-03-03 10:20 . 2013-05-02 08:24	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-03-03 10:20 . 2013-03-28 09:09	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-03-03 10:20 . 2013-03-28 09:09	128536	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-02-26 03:25 . 2015-03-11 08:37	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 03:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-24 03:15 . 2015-03-11 08:37	389800	----a-w-	c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-11 08:37	25021440	----a-w-	c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 08:37	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 08:40	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 08:40	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 08:40	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 08:40	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 08:40	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 08:40	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 08:40	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 08:40	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 08:41	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 08:40	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 08:37	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 08:37	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 08:37	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 08:37	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 08:37	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 08:37	2886144	----a-w-	c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 08:37	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 08:37	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 08:37	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 08:37	633856	----a-w-	c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 08:37	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 08:37	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 08:37	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 08:37	6035456	----a-w-	c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 08:37	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 08:37	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 08:37	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 08:37	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 08:37	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 08:37	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 08:37	199680	----a-w-	c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 08:37	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 08:37	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 08:37	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 08:37	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 08:37	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 08:37	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 08:37	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 08:37	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 08:37	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 08:37	14398976	----a-w-	c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 08:37	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 08:37	4300288	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 08:37	2358784	----a-w-	c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 08:37	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 08:37	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 08:37	1548288	----a-w-	c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 08:37	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 08:37	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2015-02-13 05:22 . 2015-03-11 08:38	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-05 16:03 . 2012-08-16 00:02	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 16:03 . 2011-11-02 21:18	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 03:16 . 2015-03-11 08:34	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 08:34	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 08:40	693176	----a-w-	c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 08:40	5554104	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-02-03 03:34 . 2015-03-11 08:40	94656	----a-w-	c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 08:40	616360	----a-w-	c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 08:40	14632960	----a-w-	c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 08:40	782848	----a-w-	c:\windows\system32\wmdrmsdk.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2013-11-12 55360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-15 1081424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-31 726320]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-01-07 2694320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxeaserv.exe [x]
R2 MySQLServer;MySQLServer;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQLServer;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQLServer [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 Origin Client Service;Origin Client Service;c:\games\Origin\OriginClientService.exe;c:\games\Origin\OriginClientService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 16:03]
.
2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08 17:19]
.
2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08 17:19]
.
2014-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 15:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-12-19 14:57	1039008	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-12-19 14:57	1039008	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-12-19 14:57	1039008	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-09-19 557768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-EditPlus 3 - c:\tools\remove.exe
AddRemove-Mozilla Thunderbird 14.0 (x86 de) - c:\program files (x86)\uninstall\helper.exe
AddRemove-MultiBit 0.5.14 - c:\program files (x86)\Java\jre7\bin\javaw.exe
AddRemove-Talend Open Studio - c:\tools\BI\Talend\Uninstall-TOS_DI-Win32-r101800-V5.3.0.exe
AddRemove-soe-PlanetSide 2 PSG - c:\games\PlanetSide 2\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQLServer]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQLServer"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQLServer]
"ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQLServer"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-12  20:25:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-12 18:25
.
Vor Suchlauf: 20 Verzeichnis(se), 533.930.549.248 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 545.080.852.480 Bytes frei
.
- - End Of File - - 239423E8DC876524B90B57EEBC299FCD
A36C5E4F47E84449FF07ED3517B43A31
         
__________________

13.04.2015, 09:49   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. From Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.04.2015, 11:07   #5
Vega27
 

Hello Schrauber,

here are the results of the scans.

mbam.txt:

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 11:11:16
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ACER

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 430063
Verstrichene Zeit: 26 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
adwcleaner.txt:

# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 11:48:21
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : ACER - FLORIAN
# Gestarted von : C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [1041 Bytes] - [13/04/2015 11:45:46]
AdwCleaner[S0].txt - [963 Bytes] - [13/04/2015 11:48:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1021  Bytes] ##########
         
JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by ACER on 13.04.2015 at 11:54:19,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"



~~~ FireFox

Emptied folder: C:\Users\ACER\AppData\Roaming\mozilla\firefox\profiles\cgozwaas.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2015 at 11:57:53,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST.txt:


FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by ACER (administrator) on FLORIAN on 13-04-2015 11:59:55
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER (Available profiles: ACER & Florian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-11-12] (Raptr, Inc)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\EXPERT~1.scr
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ACER\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-02-28] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-18]

Chrome: 
=======
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
StartMenuInternet: Google Chrome - C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 MySQLServer; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14241 2013-05-26] () [File not signed]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 Origin Client Service; C:\Games\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 11:59 - 2015-04-13 12:01 - 00016151 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-13 11:57 - 2015-04-13 11:57 - 00000870 _____ () C:\Users\ACER\Desktop\JRT.txt
2015-04-13 11:54 - 2015-04-13 11:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FLORIAN-Windows-7-Home-Premium-(64-bit).dat
2015-04-13 11:54 - 2015-04-13 11:54 - 00000000 ____D () C:\RegBackup
2015-04-13 11:53 - 2015-04-13 11:53 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe
2015-04-13 11:45 - 2015-04-13 11:48 - 00000000 ____D () C:\AdwCleaner
2015-04-13 11:44 - 2015-04-13 11:13 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
2015-04-13 11:40 - 2015-04-13 11:40 - 00001209 _____ () C:\Users\ACER\Desktop\mbam.txt
2015-04-13 11:10 - 2015-04-13 11:10 - 00000979 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-13 09:53 - 2015-04-13 09:53 - 00561064 _____ (Oracle Corporation) C:\Users\Florian\Downloads\chromeinstall-8u40.exe
2015-04-13 09:51 - 2015-04-13 09:51 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Oracle
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 20:25 - 2015-04-12 20:25 - 00034244 _____ () C:\ComboFix.txt
2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\Qoobox
2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\ComboFix
2015-04-12 19:58 - 2015-04-12 20:23 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 19:58 - 2015-04-12 19:57 - 05617275 ____R () C:\Users\ACER\Desktop\ComboFix.exe
2015-04-12 19:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 19:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 19:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 19:10 - 2015-04-12 19:10 - 00380416 _____ () C:\Users\ACER\Desktop\Gmer-19357.exe
2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2015-04-12 19:02 - 2015-04-12 19:02 - 00000000 ____D () C:\Users\ACER\AppData\Local\Macromedia
2015-04-12 18:59 - 2015-04-12 19:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Mozilla
2015-04-12 18:44 - 2015-04-12 18:44 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe
2015-04-12 18:20 - 2015-04-12 18:21 - 00045174 _____ () C:\Users\Florian\Desktop\Addition.txt
2015-04-12 18:18 - 2015-04-12 18:21 - 00030311 _____ () C:\Users\Florian\Desktop\FRST.txt
2015-04-12 18:17 - 2015-04-13 11:59 - 00000000 ____D () C:\FRST
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2015-04-09 21:26 - 2015-04-09 21:27 - 31462447 _____ () C:\Users\Florian\Downloads\offline-SWTARC.zip
2015-04-07 18:20 - 2015-04-07 18:22 - 08157098 _____ () C:\Users\Florian\Downloads\apache-tomcat-7.0.33.zip
2015-04-07 14:45 - 2015-04-07 14:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\JetBrains
2015-04-07 14:44 - 2015-04-07 14:44 - 00000000 ____D () C:\Users\Florian\.AndroidStudio
2015-04-07 14:43 - 2015-04-07 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-04-07 11:57 - 2015-04-07 12:20 - 856233768 _____ (Google Inc.) C:\Users\Florian\Downloads\android-studio-bundle-135.1740770-windows.exe
2015-04-06 20:10 - 2015-04-06 20:10 - 00000000 ____D () C:\Users\Florian\Documents\Visual Studio 2010
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 12:39 - 2015-04-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Thunderbird
2015-03-31 16:11 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-31 10:45 - 2015-04-12 20:16 - 00205678 _____ () C:\Windows\PFRO.log
2015-03-30 12:32 - 2015-03-30 12:32 - 00000183 _____ () C:\Users\Florian\Downloads\100373742194.sdx
2015-03-30 12:26 - 2015-03-30 12:27 - 13782032 _____ (Microsoft Corporation) C:\Users\Florian\Downloads\vssdk_full.exe
2015-03-30 12:19 - 2015-03-31 15:40 - 00036133 _____ () C:\Users\Florian\Downloads\SecureDownloadManager.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 11:55 - 2012-01-11 13:13 - 01989869 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 11:55 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 11:55 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 11:52 - 2013-12-09 16:06 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Raptr
2015-04-13 11:50 - 2013-03-08 19:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 11:49 - 2014-10-17 11:19 - 00005712 _____ () C:\Windows\setupact.log
2015-04-13 11:49 - 2012-12-06 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-13 11:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 11:11 - 2014-06-18 10:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 11:10 - 2014-06-18 10:56 - 00000000 ____D () C:\Program Files (x86)\Anti-Malware
2015-04-13 11:10 - 2013-03-08 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 11:03 - 2012-08-16 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 09:54 - 2015-01-25 16:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-13 09:54 - 2014-08-09 10:52 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-13 09:54 - 2012-08-03 21:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Adobe
2015-04-12 20:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 20:18 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 18:59 - 2012-10-28 13:24 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Mozilla
2015-04-12 18:58 - 2013-08-24 23:04 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Avira
2015-04-12 18:54 - 2012-03-17 19:09 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Adobe
2015-04-12 18:53 - 2012-03-17 18:48 - 00067408 _____ () C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 18:52 - 2012-03-17 18:49 - 00001429 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-09 01:47 - 2012-08-28 02:58 - 00000000 ____D () C:\Aktien
2015-04-08 20:39 - 2015-01-04 20:15 - 00000000 ____D () C:\Users\Florian\.android
2015-04-08 09:57 - 2012-07-28 20:54 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla
2015-04-07 18:23 - 2012-07-29 13:44 - 00000000 ____D () C:\Tools
2015-04-07 14:44 - 2012-07-27 17:22 - 00000000 ____D () C:\Users\Florian
2015-04-06 20:07 - 2014-10-08 15:37 - 00000034 _____ () C:\Users\Florian\AppData\Roaming\AdobeWLCMCache.dat
2015-03-31 16:17 - 2012-11-03 01:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2015-03-31 16:11 - 2012-11-03 01:43 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 10:58 - 2012-03-17 18:47 - 00000000 ____D () C:\Users\ACER
2015-03-31 10:45 - 2013-07-15 15:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 18:15 - 2012-01-11 21:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 18:15 - 2012-01-11 21:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 18:15 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 06:15 - 2014-06-18 10:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-18 10:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-06-18 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 14:44 - 2014-08-23 14:48 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-03-15 13:03 - 2014-09-29 00:57 - 00000962 _____ () C:\Users\Florian\Desktop\Studienorganisator Semester II.lnk

==================== Files in the root of some directories =======

2014-10-01 15:24 - 2014-10-01 15:24 - 0000218 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel
2013-05-14 15:54 - 2014-10-17 11:16 - 0007619 _____ () C:\Users\ACER\AppData\Local\Resmon.ResmonCfg
2012-07-18 23:16 - 2012-07-18 23:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-11 13:32 - 2012-01-11 13:35 - 0015131 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-08-23 14:48 - 2014-08-23 14:48 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-09-02 15:28 - 2014-10-16 12:00 - 0002520 _____ () C:\ProgramData\lxea.log
2014-08-23 14:48 - 2014-12-31 13:58 - 0001714 _____ () C:\ProgramData\lxeaJSW.log
2014-08-23 14:44 - 2014-10-17 10:16 - 0009510 _____ () C:\ProgramData\lxeascan.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-07-27 17:01 - 2012-07-27 17:02 - 0000032 _____ () C:\ProgramData\PS.log
2014-08-23 14:43 - 2014-08-23 14:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\Quarantine.exe
C:\Users\ACER\AppData\Local\Temp\sqlite3.dll
C:\Users\Florian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 15:48

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by ACER at 2015-04-13 12:01:53
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version:  - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astah Community 6.6.3 (HKLM\...\astah* community_is1) (Version:  - Change Vision, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BaseX (HKLM-x32\...\BaseX) (Version:  - BaseX Team)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.3.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version:  - ES-Computing)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.4.2046 - OpenSight Software LLC)
flatex fx (HKLM-x32\...\flatex fx) (Version: 4.00 - MetaQuotes Software Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.27 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.27 - Alliance Software Pty Ltd) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{c81217f5-344b-4b07-895e-97468942d363}) (Version: 12.0.30501 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 14.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 14.0 (x86 de)) (Version: 14.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MySQL Installer (HKLM-x32\...\{2D6DCDB3-9D02-4ED9-A67C-C76DB4682DE1}) (Version: 1.2.0.0 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{E292EB4D-988D-42CE-B042-68E7A83603BA}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pencil (HKLM-x32\...\Pencil) (Version:  - Evolus Co., Ltd.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.8-1.0.4843.13 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Talend Open Studio (HKLM-x32\...\Talend Open Studio) (Version:  - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File

==================== Restore Points  =========================

03-04-2015 13:46:01 Windows Update
04-04-2015 21:22:10 Windows Update
10-04-2015 10:15:53 Windows Update
12-04-2015 19:58:54 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-12 20:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18B95E93-9A92-49A0-A60B-174EDAED8388} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {22F0D562-947D-45A6-BBC0-B46251ED59F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28BE3017-4CB2-4193-B484-1E9354EC376B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A85C90A-9A6A-4379-88A9-512E8D3B284A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33EE17E5-0CFA-4F01-9C86-344AD3C1A4FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {49BB2F0B-854C-49DC-A726-619E30483D11} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {5A45B0A1-41F4-4BEB-87B2-4EE3609A60C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5A6E3495-EFC9-4400-A5F3-37F10BFB97F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {83F55C03-B4BC-43B2-A412-F6219BCFBC47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {C567C572-5BF9-4D53-8528-910409FE3CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {DAA0B56D-E6B0-4322-80B4-EFC67E1BB9EF} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-Florian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {E0421B5D-B4C6-433C-A613-37CEF1A3B262} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-08-23 14:45 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2015-02-05 18:03 - 2015-02-05 18:03 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AMDCleanup => C:\Grafiktreiber\AMDCleanupUtil.exe silent
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Accounts: =============================

ACER (S-1-5-21-2040030199-1763219053-3685502851-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-2040030199-1763219053-3685502851-500 - Administrator - Disabled)
Florian (S-1-5-21-2040030199-1763219053-3685502851-1001 - Limited - Enabled) => C:\Users\Florian
Gast (S-1-5-21-2040030199-1763219053-3685502851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2040030199-1763219053-3685502851-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 24%
Total physical RAM: 7654.11 MB
Available physical RAM: 5812.68 MB
Total Pagefile: 15306.41 MB
Available Pagefile: 13306.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:682.42 GB) (Free:507.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34F575C0)
Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thank you very much!


13.04.2015, 15:49   #6
schrauber
/// the machine
/// TB trainer




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems?

13.04.2015, 23:57   #7
Vega27



Hello Schrauber,

here again are the results of the scans.

ESET.txt:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=177c3eb8e6c5884d8fdb5e7dc7d93408
# engine=23355
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-13 09:06:19
# local_time=2015-04-13 11:06:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 106661 180589029 0 0
# scanned=514338
# found=0
# cleaned=0
# scan_time=20036
         
Checkup.txt:

Code:
 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 8 Update 31  
 Java 8 Update 40  
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (37.0.1) 
 Mozilla Thunderbird (31.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST.txt:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by ACER (administrator) on FLORIAN on 14-04-2015 00:49:22
Running from C:\Users\ACER\Desktop
Loaded Profiles: ACER & Florian (Available profiles: ACER & Florian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(ES-Computing) C:\Tools\Editplus\editplus.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-11-12] (Raptr, Inc)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\EXPERT~1.scr
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Run: [Google Update] => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-27] (Google Inc.)
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Run: [GoogleChromeAutoLaunch_4BC71BA0F323207FECDF97ADA8C142B9] => C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.proentry.de/
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\cgozwaas.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\ACER\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-02-28] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Florian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @talk.google.com/O1DPlugin -> C:\Users\Florian\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2040030199-1763219053-3685502851-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-18]

Chrome: 
=======
CHR Profile: C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (YouTube) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google Search) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Sheets) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR Extension: (Gmail) - C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]
StartMenuInternet: Google Chrome - C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 MySQLServer; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14241 2013-05-26] () [File not signed]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 Origin Client Service; C:\Games\Origin\OriginClientService.exe [1900400 2014-11-19] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 00:49 - 2015-04-14 00:49 - 00020028 _____ () C:\Users\ACER\Desktop\FRST.txt
2015-04-14 00:43 - 2015-04-14 00:43 - 00852616 _____ () C:\Users\ACER\Downloads\SecurityCheck.exe
2015-04-14 00:43 - 2015-04-14 00:43 - 00852616 _____ () C:\Users\ACER\Desktop\SecurityCheck.exe
2015-04-14 00:42 - 2015-04-14 00:42 - 00000695 _____ () C:\Users\ACER\Desktop\ESET.txt
2015-04-13 17:22 - 2015-04-13 17:22 - 02347384 _____ (ESET) C:\Users\ACER\Downloads\esetsmartinstaller_deu.exe
2015-04-13 11:54 - 2015-04-13 11:54 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-FLORIAN-Windows-7-Home-Premium-(64-bit).dat
2015-04-13 11:54 - 2015-04-13 11:54 - 00000000 ____D () C:\RegBackup
2015-04-13 11:53 - 2015-04-13 11:53 - 02686959 _____ (Thisisu) C:\Users\ACER\Desktop\JRT.exe
2015-04-13 11:45 - 2015-04-13 11:48 - 00000000 ____D () C:\AdwCleaner
2015-04-13 11:44 - 2015-04-13 11:13 - 02217984 _____ () C:\Users\ACER\Desktop\AdwCleaner_4.201.exe
2015-04-13 11:10 - 2015-04-13 11:10 - 00000979 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-13 09:53 - 2015-04-13 09:53 - 00561064 _____ (Oracle Corporation) C:\Users\Florian\Downloads\chromeinstall-8u40.exe
2015-04-13 09:51 - 2015-04-13 09:51 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Oracle
2015-04-12 22:14 - 2015-04-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 20:25 - 2015-04-12 20:25 - 00034244 _____ () C:\ComboFix.txt
2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\Qoobox
2015-04-12 19:58 - 2015-04-12 20:25 - 00000000 ____D () C:\ComboFix
2015-04-12 19:58 - 2015-04-12 20:23 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 19:58 - 2015-04-12 19:57 - 05617275 ____R (Swearware) C:\Users\ACER\Desktop\ComboFix.exe
2015-04-12 19:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 19:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 19:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 19:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 19:10 - 2015-04-12 19:10 - 00380416 _____ () C:\Users\ACER\Desktop\Gmer-19357.exe
2015-04-12 19:05 - 2015-04-12 19:05 - 02096640 _____ (Farbar) C:\Users\ACER\Desktop\FRST64.exe
2015-04-12 19:02 - 2015-04-12 19:02 - 00000000 ____D () C:\Users\ACER\AppData\Local\Macromedia
2015-04-12 18:59 - 2015-04-12 19:00 - 00000000 ____D () C:\Users\ACER\AppData\Local\Mozilla
2015-04-12 18:44 - 2015-04-12 18:44 - 00380416 _____ () C:\Users\Florian\Desktop\Gmer-19357.exe
2015-04-12 18:20 - 2015-04-12 18:21 - 00045174 _____ () C:\Users\Florian\Desktop\Addition.txt
2015-04-12 18:18 - 2015-04-12 18:21 - 00030311 _____ () C:\Users\Florian\Desktop\FRST.txt
2015-04-12 18:17 - 2015-04-14 00:49 - 00000000 ____D () C:\FRST
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Downloads\FRST64.exe
2015-04-12 18:16 - 2015-04-12 18:16 - 02096640 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2015-04-09 21:26 - 2015-04-09 21:27 - 31462447 _____ () C:\Users\Florian\Downloads\offline-SWTARC.zip
2015-04-07 18:20 - 2015-04-07 18:22 - 08157098 _____ () C:\Users\Florian\Downloads\apache-tomcat-7.0.33.zip
2015-04-07 14:45 - 2015-04-07 14:45 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\JetBrains
2015-04-07 14:44 - 2015-04-07 14:44 - 00000000 ____D () C:\Users\Florian\.AndroidStudio
2015-04-07 14:43 - 2015-04-07 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-04-07 11:57 - 2015-04-07 12:20 - 856233768 _____ (Google Inc.) C:\Users\Florian\Downloads\android-studio-bundle-135.1740770-windows.exe
2015-04-06 20:10 - 2015-04-06 20:10 - 00000000 ____D () C:\Users\Florian\Documents\Visual Studio 2010
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 21:22 - 2015-04-04 21:22 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 12:39 - 2015-04-05 09:17 - 00000000 ____D () C:\Program Files (x86)\Thunderbird
2015-03-31 16:11 - 2015-03-31 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-31 10:45 - 2015-04-12 20:16 - 00205678 _____ () C:\Windows\PFRO.log
2015-03-30 12:32 - 2015-03-30 12:32 - 00000183 _____ () C:\Users\Florian\Downloads\100373742194.sdx
2015-03-30 12:26 - 2015-03-30 12:27 - 13782032 _____ (Microsoft Corporation) C:\Users\Florian\Downloads\vssdk_full.exe
2015-03-30 12:19 - 2015-03-31 15:40 - 00036133 _____ () C:\Users\Florian\Downloads\SecureDownloadManager.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 00:10 - 2013-03-08 19:19 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 00:04 - 2012-08-16 02:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 18:47 - 2014-10-17 11:19 - 00005824 _____ () C:\Windows\setupact.log
2015-04-13 17:09 - 2012-01-11 13:13 - 01990051 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 17:08 - 2013-03-08 19:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 12:02 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 12:02 - 2009-07-14 06:45 - 00024432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 11:52 - 2013-12-09 16:06 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Raptr
2015-04-13 11:49 - 2012-12-06 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-13 11:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 11:11 - 2014-06-18 10:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 11:10 - 2014-06-18 10:56 - 00000000 ____D () C:\Program Files (x86)\Anti-Malware
2015-04-13 09:54 - 2015-01-25 16:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-13 09:54 - 2014-08-09 10:52 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-13 09:54 - 2012-08-03 21:01 - 00000000 ____D () C:\Users\Florian\AppData\Local\Adobe
2015-04-12 20:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 20:18 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 18:59 - 2012-10-28 13:24 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Mozilla
2015-04-12 18:58 - 2013-08-24 23:04 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Avira
2015-04-12 18:54 - 2012-03-17 19:09 - 00000000 ____D () C:\Users\ACER\AppData\Roaming\Adobe
2015-04-12 18:53 - 2012-03-17 18:48 - 00067408 _____ () C:\Users\ACER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 18:52 - 2012-03-17 18:49 - 00001429 _____ () C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-09 01:47 - 2012-08-28 02:58 - 00000000 ____D () C:\Aktien
2015-04-08 20:39 - 2015-01-04 20:15 - 00000000 ____D () C:\Users\Florian\.android
2015-04-08 09:57 - 2012-07-28 20:54 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Mozilla
2015-04-07 18:23 - 2012-07-29 13:44 - 00000000 ____D () C:\Tools
2015-04-07 14:44 - 2012-07-27 17:22 - 00000000 ____D () C:\Users\Florian
2015-04-06 20:07 - 2014-10-08 15:37 - 00000034 _____ () C:\Users\Florian\AppData\Roaming\AdobeWLCMCache.dat
2015-03-31 16:17 - 2012-11-03 01:49 - 00000000 ____D () C:\Users\Florian\AppData\Roaming\Avira
2015-03-31 16:11 - 2012-11-03 01:43 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 10:58 - 2012-03-17 18:47 - 00000000 ____D () C:\Users\ACER
2015-03-31 10:45 - 2013-07-15 15:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-29 18:15 - 2012-01-11 21:59 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 18:15 - 2012-01-11 21:59 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 18:15 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 06:15 - 2014-06-18 10:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-06-18 10:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-06-18 10:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 14:44 - 2014-08-23 14:48 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-03-15 13:03 - 2014-09-29 00:57 - 00000962 _____ () C:\Users\Florian\Desktop\Studienorganisator Semester II.lnk

==================== Files in the root of some directories =======

2014-10-01 15:24 - 2014-10-01 15:24 - 0000218 _____ () C:\Users\ACER\AppData\Local\recently-used.xbel
2013-05-14 15:54 - 2014-10-17 11:16 - 0007619 _____ () C:\Users\ACER\AppData\Local\Resmon.ResmonCfg
2012-07-18 23:16 - 2012-07-18 23:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-11 13:32 - 2012-01-11 13:35 - 0015131 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-08-23 14:48 - 2014-08-23 14:48 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-09-02 15:28 - 2014-10-16 12:00 - 0002520 _____ () C:\ProgramData\lxea.log
2014-08-23 14:48 - 2014-12-31 13:58 - 0001714 _____ () C:\ProgramData\lxeaJSW.log
2014-08-23 14:44 - 2014-10-17 10:16 - 0009510 _____ () C:\ProgramData\lxeascan.log
2014-12-31 14:00 - 2014-12-31 14:00 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-07-27 17:01 - 2012-07-27 17:02 - 0000032 _____ () C:\ProgramData\PS.log
2014-08-23 14:43 - 2014-08-23 14:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\ACER\AppData\Local\Temp\avgnt.exe
C:\Users\ACER\AppData\Local\Temp\Quarantine.exe
C:\Users\ACER\AppData\Local\Temp\sqlite3.dll
C:\Users\Florian\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 00:12

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by ACER at 2015-04-14 00:50:18
Running from C:\Users\ACER\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer Crystal Eye webcam 2.2.0.2 (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 2.2.0.2 - SuYin)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0902.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version:  - )
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astah Community 6.6.3 (HKLM\...\astah* community_is1) (Version:  - Change Vision, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.4 - Atmel)
AVR QTouch Studio (HKLM-x32\...\{7BE9E558-BE53-4939-9565-A0BEA2F839D0}) (Version: 4.4.1 - Atmel)
AVR Studio 5.1 (HKLM-x32\...\{D574D18C-9D52-4B4B-9647-AE6B89FD3F70}) (Version: 5.1.208 - Atmel)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
BaseX (HKLM-x32\...\BaseX) (Version:  - BaseX Team)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.3.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version:  - ES-Computing)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Facebook Messenger 2.1.4801.0 (HKLM-x32\...\{823ECDD2-E8E9-4E46-AB97-44516A27288E}) (Version: 2.1.4801.0 - Facebook)
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.4.2046 - OpenSight Software LLC)
flatex fx (HKLM-x32\...\flatex fx) (Version: 4.00 - MetaQuotes Software Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Git version 1.9.0-preview20140217 (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Git_is1) (Version: 1.9.0-preview20140217 - The Git Development Community)
Google Chrome (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170050}) (Version: 1.7.0.50 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
JavaFX 2.1.1 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaFX 2.1.1 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-211648764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.27 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.27 - Alliance Software Pty Ltd) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{c81217f5-344b-4b07-895e-97468942d363}) (Version: 12.0.30501 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 14.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 14.0 (x86 de)) (Version: 14.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
MySQL Installer (HKLM-x32\...\{2D6DCDB3-9D02-4ED9-A67C-C76DB4682DE1}) (Version: 1.2.0.0 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{48A9B9DD-66B9-4846-AA7C-825A5729B643}) (Version: 5.2.47 - Oracle Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{E292EB4D-988D-42CE-B042-68E7A83603BA}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.2.2064 - Electronic Arts, Inc.)
Pencil (HKLM-x32\...\Pencil) (Version:  - Evolus Co., Ltd.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.1.8-1.0.4843.13 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6446 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Talend Open Studio (HKLM-x32\...\Talend Open Studio) (Version:  - )
TeamSpeak 3 Client (HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.3 - The Wireshark developer community, hxxp://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Tools\GIT-Shell\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2040030199-1763219053-3685502851-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Florian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

03-04-2015 13:46:01 Windows Update
04-04-2015 21:22:10 Windows Update
10-04-2015 10:15:53 Windows Update
12-04-2015 19:58:54 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-12 20:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18B95E93-9A92-49A0-A60B-174EDAED8388} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {22F0D562-947D-45A6-BBC0-B46251ED59F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {28BE3017-4CB2-4193-B484-1E9354EC376B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A85C90A-9A6A-4379-88A9-512E8D3B284A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33EE17E5-0CFA-4F01-9C86-344AD3C1A4FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {49BB2F0B-854C-49DC-A726-619E30483D11} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {5A45B0A1-41F4-4BEB-87B2-4EE3609A60C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5A6E3495-EFC9-4400-A5F3-37F10BFB97F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {83F55C03-B4BC-43B2-A412-F6219BCFBC47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {C567C572-5BF9-4D53-8528-910409FE3CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-08] (Google Inc.)
Task: {DAA0B56D-E6B0-4322-80B4-EFC67E1BB9EF} - System32\Tasks\AdobeAAMUpdater-1.0-FLORIAN-Florian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {E0421B5D-B4C6-433C-A613-37CEF1A3B262} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cf8d6175046c23.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfedd9bb8b6043.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1cfff51dbee0e2e.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2040030199-1763219053-3685502851-1001Core1d04090329cb4ae.job => C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-08-23 14:45 - 2009-11-04 08:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2015-04-03 13:45 - 2015-03-30 23:07 - 01174856 _____ () C:\Users\Florian\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 13:45 - 2015-03-30 23:07 - 00080200 _____ () C:\Users\Florian\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 13:46 - 2015-03-30 23:07 - 09279304 _____ () C:\Users\Florian\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll
2012-04-13 12:04 - 2012-04-13 12:04 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-04-13 12:00 - 2012-04-13 12:00 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Software\Classes\exefile:  <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2040030199-1763219053-3685502851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2040030199-1763219053-3685502851-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AMDCleanup => C:\Grafiktreiber\AMDCleanupUtil.exe silent
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
MSCONFIG\startupreg: lxeamon.exe => "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Accounts: =============================

ACER (S-1-5-21-2040030199-1763219053-3685502851-1000 - Administrator - Enabled) => C:\Users\ACER
Administrator (S-1-5-21-2040030199-1763219053-3685502851-500 - Administrator - Disabled)
Florian (S-1-5-21-2040030199-1763219053-3685502851-1001 - Limited - Enabled) => C:\Users\Florian
Gast (S-1-5-21-2040030199-1763219053-3685502851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2040030199-1763219053-3685502851-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 00:41:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2015 11:31:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2015 05:23:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2015 05:23:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2015 05:23:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/13/2015 05:23:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (04/13/2015 09:05:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 09:05:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 09:05:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 09:05:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 08:40:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 08:40:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 08:40:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 08:40:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 08:39:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/13/2015 08:39:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\bcmihvsrv64.dll


Microsoft Office Sessions:
=========================
Error: (04/14/2015 00:41:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/13/2015 11:31:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (04/13/2015 05:23:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe

Error: (04/13/2015 05:23:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe

Error: (04/13/2015 05:23:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe

Error: (04/13/2015 05:23:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ACER\Downloads\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: AMD A8-3520M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 7654.11 MB
Available physical RAM: 4369.57 MB
Total Pagefile: 15306.41 MB
Available Pagefile: 11558.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:682.42 GB) (Free:501.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 34F575C0)
Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=682.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thank you very much!

14.04.2015, 16:32   #8
schrauber
/// the machine
/// TB instructor

Update Flash and Adobe Reader.

Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

14.04.2015, 18:31   #9
Vega27

Hello Schrauber,

everything is done, no more problems. Thank you very, very much!

Is there anything else to consider regarding uninstalling the programs?

15.04.2015, 09:43   #10
schrauber
/// the machine
/// TB instructor

Cleanup:
(The order matters here.)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix.
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: Among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when simply visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with Adwarecleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Archiv
Du betrachtest: Windows 7: PUA/Somoto.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.