| |
| |||||||
Log-Analyse und Auswertung: "WinloadSDA.Gen" und andere FundeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
18.07.2015, 12:20
| #1 |
 |  "WinloadSDA.Gen" und andere Funde Liebes TB-Team, auf dem Rechner meiner Freundin hat Avira heute vier Funde gemeldet, bei denen ich mir nicht sicher bin, ob es sich um Viren, oder nur um „unerwünschte Anwendungen“ handelt. Es geht um: „PUA/WinloadSDA.Gen“. Bei einem anschließenden Virenscan mit Avira wurde noch folgendes gefunden: „srptsl.exe.vir“, „BrowserHelper.exe.vir“ und „manifest.json.vir“. Es wäre super, wenn ihr euch das einmal anschauen könntet. Angehängt sind folgende Logfiles: Avira-log von dem Fund heute Morgen, Avira-log von dem anschließenden Suchlauf, DEFOGGER, FRST + ADDITIONS und GMER. Soll ich dann gleich noch einen MBAM-Suchlauf hinterherschicken, oder was wären die nächsten Schritte? Vielen Dank schon einmal!!! Logs: erstes Avira Log nur Ausschnittsweise, da der Post zu lange war (kann im nächsten Post noch vollständig hochgeladen werden) Code:
ATTFilter
Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 18. Juli 2015 08:28
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8.1
Windowsversion : (plain) [6.3.9600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LEO
(...)
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\Antivirus\TEMP\AVGUARD_55a72d3b\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
(...)
Beginn des Suchlaufs: Samstag, 18. Juli 2015 08:28
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Leonie\Documents\JOB\Projekt TP-SAPPV\Projekt TP-SAPPV\f4-Software\f4-free-Setup.exe'
C:\Users\Leonie\Documents\JOB\Projekt TP-SAPPV\Projekt TP-SAPPV\f4-Software\f4-free-Setup.exe
[FUND] Enthält Muster der Software PUA/WinloadSDA.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5087644e.qua' verschoben!
Beginne mit der Suche in 'C:\Users\Leonie\Documents\JOB\Projekt TP-SAPPV\f4-Software\f4-free-Setup.exe'
C:\Users\Leonie\Documents\JOB\Projekt TP-SAPPV\f4-Software\f4-free-Setup.exe
[FUND] Enthält Muster der Software PUA/WinloadSDA.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48104bfa.qua' verschoben!
Ende des Suchlaufs: Samstag, 18. Juli 2015 08:33
Benötigte Zeit: 05:18 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1773 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1771 Dateien ohne Befall
155 Archive wurden durchsucht
0 Warnungen
2 Hinweise
Code:
ATTFilter
Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 18. Juli 2015 08:36
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8.1
Windowsversion : (plain) [6.3.9600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LEO
Versionsinformationen:
BUILD.DAT : 15.0.11.579 109728 Bytes 16.06.2015 09:37:00
AVSCAN.EXE : 15.0.11.576 1041656 Bytes 01.07.2015 16:22:44
AVSCANRC.DLL : 15.0.11.478 63792 Bytes 17.06.2015 04:01:56
LUKE.DLL : 15.0.11.550 59696 Bytes 17.06.2015 04:02:16
AVSCPLR.DLL : 15.0.11.550 95024 Bytes 17.06.2015 04:01:57
REPAIR.DLL : 15.0.11.576 463608 Bytes 01.07.2015 16:22:43
REPAIR.RDF : 1.0.9.0 958794 Bytes 17.07.2015 13:11:40
AVREG.DLL : 15.0.11.550 276784 Bytes 17.06.2015 04:01:55
AVLODE.DLL : 15.0.11.572 611632 Bytes 17.06.2015 04:01:53
AVLODE.RDF : 14.0.4.72 79262 Bytes 08.07.2015 16:01:57
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 09:45:51
XBV00042.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00043.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00044.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00045.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00046.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00047.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00048.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00049.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00050.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00051.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00052.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00053.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00054.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:33
XBV00055.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00056.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00057.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00058.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00059.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00060.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00061.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00062.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00063.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00064.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00065.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00066.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00067.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00068.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00069.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00070.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00071.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00072.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00073.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00074.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00075.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00076.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00077.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00078.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00079.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00080.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00081.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00082.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00083.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:34
XBV00084.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00085.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00086.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00087.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00088.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00089.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00090.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00091.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00092.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00093.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00094.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00095.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00096.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00097.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00098.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00099.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00100.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00101.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00102.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00103.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00104.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00105.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00106.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00107.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00108.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00109.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00110.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00111.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:35
XBV00112.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00113.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00114.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00115.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00116.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00117.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00118.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00119.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00120.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00121.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00122.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00123.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00124.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00125.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00126.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00127.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00128.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00129.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00130.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00131.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00132.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00133.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00134.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00135.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00136.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00137.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00138.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00139.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00140.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:36
XBV00141.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00142.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00143.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00144.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00145.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00146.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00147.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00148.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00149.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00150.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00151.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00152.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00153.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00154.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00155.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00156.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00157.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00158.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00159.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00160.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00161.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00162.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00163.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00164.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00165.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00166.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00167.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00168.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00169.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00170.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00171.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00172.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00173.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00174.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00175.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:37
XBV00176.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00177.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00178.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00179.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00180.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00181.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00182.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00183.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00184.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00185.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00186.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00187.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00188.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00189.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00190.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00191.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00192.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00193.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00194.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00195.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00196.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00197.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00198.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00199.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00200.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00201.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00202.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00203.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:38
XBV00204.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00205.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00206.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00207.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00208.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00209.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00210.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00211.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00212.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00213.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00214.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00215.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00216.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00217.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00218.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00219.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00220.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00221.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00222.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00223.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00224.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00225.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00226.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00227.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00228.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00229.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00230.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00231.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00232.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00233.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00234.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00235.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00236.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00237.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00238.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00239.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:39
XBV00240.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00241.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00242.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00243.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00244.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00245.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00246.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00247.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00248.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00249.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00250.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00251.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00252.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00253.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00254.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00255.VDF : 8.11.248.172 2048 Bytes 17.07.2015 13:11:40
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:00:51
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:00:51
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:00:51
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 10:00:51
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:00:51
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:00:51
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 17:40:41
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 15:41:55
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 09:45:50
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 11:41:08
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 18:52:50
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 16:09:32
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 18:51:36
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 17:06:51
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 15:54:48
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 06:59:34
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 16:37:32
XBV00017.VDF : 8.11.219.166 2033664 Bytes 25.03.2015 16:46:55
XBV00018.VDF : 8.11.225.88 2367488 Bytes 22.04.2015 15:00:16
XBV00019.VDF : 8.11.230.186 1674752 Bytes 13.05.2015 06:28:11
XBV00020.VDF : 8.11.237.30 4711936 Bytes 02.06.2015 17:00:33
XBV00021.VDF : 8.11.243.12 2747904 Bytes 26.06.2015 10:07:14
XBV00022.VDF : 8.11.248.172 2350592 Bytes 17.07.2015 13:11:33
LOCAL000.VDF : 8.11.248.172 131500032 Bytes 17.07.2015 13:12:39
Engineversion : 8.3.32.24
AEBB.DLL : 8.1.2.0 60448 Bytes 10.08.2014 09:45:44
AECORE.DLL : 8.3.7.2 249920 Bytes 27.06.2015 10:07:08
AEDROID.DLL : 8.4.3.324 1540160 Bytes 15.07.2015 17:18:00
AEEMU.DLL : 8.1.3.4 399264 Bytes 10.08.2014 09:45:44
AEEXP.DLL : 8.4.2.88 266296 Bytes 12.05.2015 17:00:41
AEGEN.DLL : 8.1.7.44 457576 Bytes 15.07.2015 17:18:00
AEHELP.DLL : 8.3.2.2 281456 Bytes 30.06.2015 03:55:32
AEHEUR.DLL : 8.1.4.1784 8551280 Bytes 10.07.2015 13:12:53
AEMOBILE.DLL : 8.1.8.2 303168 Bytes 10.07.2015 13:12:54
AEOFFICE.DLL : 8.3.1.44 404608 Bytes 10.07.2015 13:12:53
AEPACK.DLL : 8.4.0.82 792488 Bytes 30.06.2015 03:55:35
AERDL.DLL : 8.2.1.20 731040 Bytes 11.02.2015 16:36:02
AESBX.DLL : 8.2.21.0 1622072 Bytes 26.05.2015 12:54:11
AESCN.DLL : 8.3.2.10 142456 Bytes 12.05.2015 17:00:41
AESCRIPT.DLL : 8.2.2.82 534440 Bytes 10.07.2015 13:12:53
AEVDF.DLL : 8.3.1.6 133992 Bytes 20.08.2014 15:56:12
AVWINLL.DLL : 15.0.11.478 25904 Bytes 17.06.2015 04:01:50
AVPREF.DLL : 15.0.11.478 54216 Bytes 17.06.2015 04:01:54
AVREP.DLL : 15.0.11.478 220464 Bytes 17.06.2015 04:01:55
AVARKT.DLL : 15.0.11.478 228088 Bytes 17.06.2015 04:01:51
AVEVTLOG.DLL : 15.0.11.550 195320 Bytes 17.06.2015 04:01:52
SQLITE3.DLL : 15.0.11.478 455472 Bytes 17.06.2015 04:02:18
AVSMTP.DLL : 15.0.11.478 79096 Bytes 17.06.2015 04:01:57
NETNT.DLL : 15.0.11.478 16384 Bytes 17.06.2015 04:02:16
CommonImageRc.dll: 15.0.11.478 4279600 Bytes 17.06.2015 04:01:50
CommonTextRc.dll: 15.0.11.478 69936 Bytes 17.06.2015 04:01:50
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 18. Juli 2015 08:36
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '193' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCDMonitorService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeClickToRun.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMSvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelperService.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ConversionService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.ServiceHost.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICCProxy.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'GamesAppIntegrationService.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '262' Modul(e) wurden durchsucht
Durchsuche Prozess 'skydrive.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SettingSyncHost.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMEvent.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMTray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtvStack.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ActivateDesktop.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrl.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDTouch.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETDCtrlHelper.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'GWX.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TiWorker.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'updrgui.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinLogon.exe' - '28' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1757' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Acer>
C:\swapfile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srptsl.exe.vir
[FUND] Enthält Muster der Software PUA/Linkury.GDH
C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir
[FUND] Enthält Muster der Software PUA/Linkury.35096
C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\manifest.json.vir
[FUND] Enthält Muster der Software PUA/Linkury.JH
Beginne mit der Desinfektion:
C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\manifest.json.vir
[FUND] Enthält Muster der Software PUA/Linkury.JH
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54d08d14.qua' verschoben!
C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir
[FUND] Enthält Muster der Software PUA/Linkury.35096
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c46a2d4.qua' verschoben!
C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srptsl.exe.vir
[FUND] Enthält Muster der Software PUA/Linkury.GDH
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e1af83a.qua' verschoben!
Ende des Suchlaufs: Samstag, 18. Juli 2015 12:22
Benötigte Zeit: 3:20:13 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
43917 Verzeichnisse wurden überprüft
687438 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
687434 Dateien ohne Befall
14021 Archive wurden durchsucht
1 Warnungen
3 Hinweise
1315 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:31 on 18/07/2015 (Leonie)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015
Ran by Leonie (administrator) on LEO on 18-07-2015 12:32:49
Running from C:\Users\Leonie\Desktop
Loaded Profiles: UpdatusUser & Leonie (Available Profiles: UpdatusUser & Leonie)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] (Atheros Communications)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\Run: [LPT System Updater] => C:\Users\Leonie\AppData\Local\LPT\srptm.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=hp&fr=linkury-tb&installDate=08/01/2014&type=hp1000
HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002 -> {264A1D8B-DE32-4195-A61C-9A180EB861D8} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{28EB0C18-13F2-49CD-903C-9989BD2BB1F6}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6D1356EC-50A8-4791-9BEA-6DF55317E2B2}: [DhcpNameServer] 150.200.3.1
FireFox:
========
FF ProfilePath: C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default
FF DefaultSearchEngine: Ecosia
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAaplgCXthVDO6W2h6CwsNlGp-GtX4lXa7NThO3Ns_yuWmzqnPqyMGgfBlX-InEJZznznerMXEMrRblwe7XtT4O9lD8BlqOVS0s7ajikxjVvunWZiY221V2XqKEsBO3fjZMwQxYdo0ZGuRRyZkDbif_Oz2uY9Ro5d8VaMQ,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-07] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-02-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\searchplugins\ecosia.xml [2015-05-31]
FF Extension: Avira Browser Safety - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: GMX MailCheck - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\mailcheck@gmx.net [2015-06-18]
FF Extension: Personas Plus - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\personas@christopher.beard.xpi [2014-04-12]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-01-25]
FF Extension: Adblock Plus - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-17] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-11] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R2 SSPORT; C:\WINDOWS\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 12:32 - 2015-07-18 12:33 - 00018837 _____ C:\Users\Leonie\Desktop\FRST.txt
2015-07-18 12:32 - 2015-07-18 12:32 - 00000000 ____D C:\FRST
2015-07-18 12:31 - 2015-07-18 12:31 - 00000474 _____ C:\Users\Leonie\Desktop\defogger_disable.log
2015-07-18 12:31 - 2015-07-18 12:31 - 00000000 _____ C:\Users\Leonie\defogger_reenable
2015-07-18 12:30 - 2015-07-18 12:30 - 02134016 _____ (Farbar) C:\Users\Leonie\Desktop\FRST64.exe
2015-07-18 12:29 - 2015-07-18 12:29 - 00050477 _____ C:\Users\Leonie\Desktop\Defogger.exe
2015-07-15 19:40 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 19:40 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 19:40 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 19:40 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 19:40 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 19:40 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 19:40 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 19:40 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 19:40 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 19:40 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 19:40 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 19:40 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 19:40 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 19:40 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 19:40 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 19:40 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 19:40 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 19:40 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 19:40 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 19:40 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 19:39 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 19:39 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 19:39 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 19:39 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 19:39 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 19:39 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 19:39 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 19:39 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 19:39 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 19:39 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 19:39 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 19:39 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 19:39 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 19:39 - 2015-07-03 15:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-15 19:39 - 2015-07-03 15:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 19:39 - 2015-07-03 15:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-15 19:39 - 2015-07-03 15:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 19:39 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 19:39 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 19:39 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 19:39 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 19:39 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 19:39 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 19:39 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 19:39 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 19:38 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 19:38 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 19:38 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 19:38 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 19:38 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 19:37 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 19:37 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 19:37 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 19:37 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 19:37 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 19:37 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 19:37 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 19:37 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 19:37 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 19:37 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 19:37 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 19:37 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 19:37 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 19:37 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 19:37 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 19:37 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 19:37 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 19:37 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 19:37 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 19:37 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 19:37 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 19:37 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 19:37 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 19:37 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 19:37 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 19:37 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 19:37 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 19:37 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 19:37 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 19:37 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 19:37 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 19:37 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 19:37 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 19:37 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 19:37 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 19:37 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 19:37 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 19:37 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 19:36 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 19:36 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 19:36 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-03 18:11 - 2015-07-16 06:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 18:32 - 2015-07-01 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-01 18:31 - 2015-07-01 18:32 - 00000000 ____D C:\Program Files\iTunes
2015-07-01 18:31 - 2015-07-01 18:31 - 00000000 ____D C:\Program Files\iPod
2015-07-01 18:31 - 2015-07-01 18:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-29 19:48 - 2014-12-05 16:32 - 00420352 _____ C:\WINDOWS\system32\SaMinDrv.dll
2015-06-29 19:48 - 2014-12-05 16:31 - 00151040 _____ C:\WINDOWS\system32\SaImgFlt.dll
2015-06-29 19:48 - 2014-12-05 16:31 - 00068096 _____ C:\WINDOWS\system32\SaErHdlr.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 12:31 - 2014-02-04 10:25 - 00000000 ____D C:\Users\Leonie
2015-07-18 12:01 - 2013-12-30 12:32 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3229782175-1800344310-2740547102-1002
2015-07-18 12:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-18 11:53 - 2014-01-02 13:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-18 11:39 - 2014-02-04 10:19 - 01737478 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 09:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-18 08:35 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-18 08:28 - 2014-01-29 11:33 - 00000099 _____ C:\Users\Public\LMDebug.log
2015-07-18 08:20 - 2014-04-17 05:52 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{69FCF3D8-DFF5-4930-B4EB-2BECD9F22E20}
2015-07-18 08:20 - 2014-01-01 19:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-18 08:19 - 2014-04-06 16:35 - 00000000 ____D C:\Users\Leonie\AppData\Local\Deployment
2015-07-17 17:58 - 2014-01-01 19:04 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\vlc
2015-07-17 15:10 - 2014-02-04 11:31 - 00000000 ___DO C:\Users\Leonie\SkyDrive
2015-07-16 16:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-16 06:03 - 2013-08-22 16:46 - 00357871 _____ C:\WINDOWS\setupact.log
2015-07-16 06:03 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-16 06:03 - 2013-08-22 16:44 - 00508344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-16 06:01 - 2014-04-11 18:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-16 06:01 - 2013-11-14 00:18 - 00340762 _____ C:\WINDOWS\PFRO.log
2015-07-15 20:48 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-15 20:44 - 2014-12-28 14:24 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:53 - 2014-01-02 13:13 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:20 - 2014-01-25 17:32 - 01955328 ___SH C:\Users\Leonie\Desktop\Thumbs.db
2015-07-13 23:10 - 2015-03-17 19:36 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2015-03-17 19:36 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 15:52 - 2013-12-30 12:23 - 00000000 ____D C:\Users\Leonie\AppData\Local\Packages
2015-07-11 13:02 - 2015-05-21 06:42 - 00005120 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LEO-Leonie Leo
2015-07-09 06:12 - 2014-08-17 21:29 - 00000000 ____D C:\Users\Leonie\AppData\Local\Adobe
2015-07-07 06:04 - 2014-08-14 08:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-07 06:04 - 2014-02-26 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-07 06:04 - 2014-02-26 23:46 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-05 10:38 - 2013-12-31 21:05 - 00000000 ____D C:\Users\Leonie\Documents\JOB
2015-07-05 10:37 - 2014-01-01 19:09 - 00000000 ___RD C:\Users\Leonie\Desktop\Programme
2015-07-03 18:26 - 2014-01-08 20:39 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\Apple Computer
2015-07-01 18:31 - 2015-04-16 07:06 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-01 18:31 - 2014-01-08 20:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-29 20:09 - 2013-12-31 18:39 - 00000000 ____D C:\Users\Leonie\Documents\FH Soziale Arbeit
2015-06-27 10:21 - 2014-04-06 16:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 17:21 - 2014-02-20 13:30 - 00013796 _____ C:\Users\Leonie\Desktop\Musik, Filme etc..ods
2015-06-24 07:07 - 2013-11-14 09:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-24 07:07 - 2013-11-14 09:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-24 07:07 - 2013-11-14 09:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-24 06:48 - 2014-11-19 07:09 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieBrowserModeList
2015-06-24 06:48 - 2014-05-12 16:57 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieUserList
2015-06-24 06:48 - 2014-05-12 16:57 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieSiteList
==================== Files in the root of some directories =======
2014-02-16 17:20 - 2014-02-16 17:20 - 0003430 _____ () C:\Users\Leonie\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Leonie\AppData\Local\Temp\avgnt.exe
C:\Users\Leonie\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Leonie\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Leonie\AppData\Local\Temp\Quarantine.exe
C:\Users\Leonie\AppData\Local\Temp\sqlite3.dll
C:\Users\Leonie\AppData\Local\Temp\_is9E0.exe
C:\Users\Leonie\AppData\Local\Temp\_isE59A.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-18 08:41
==================== End of log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015
Ran by Leonie at 2015-07-18 12:33:47
Running from C:\Users\Leonie\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3229782175-1800344310-2740547102-500 - Administrator - Disabled)
Gast (S-1-5-21-3229782175-1800344310-2740547102-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3229782175-1800344310-2740547102-1006 - Limited - Enabled)
Leonie (S-1-5-21-3229782175-1800344310-2740547102-1002 - Administrator - Enabled) => C:\Users\Leonie
UpdatusUser (S-1-5-21-3229782175-1800344310-2740547102-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AliceHilfe (HKLM-x32\...\AliceHilfe 1.0.0.1) (Version: 1.0.0.1 - )
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.6 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.4 - Broadcom Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 311.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.59 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.57 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.014 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skypeâ„¢ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (x32 Version: 8.1.0.17 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D59453D-B3A2-486E-8622-F36C8932CF00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1A5C2EA2-5984-4D1A-B1D4-1D4564EB0B7D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2643D3B5-7103-4A34-806D-CC1A4332B506} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {2C8DD765-FE9C-481C-97E8-3349D94A7304} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {318A4727-68C8-4903-B471-28BCBE08F5BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LEO-Leonie Leo => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {41278C68-0060-4373-BB9C-B5F0967B0555} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5C11992F-EBCD-4382-AFD7-95E0581B60BB} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {62D90449-2A85-42CC-9928-19FEE6F76C80} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {7102717A-B900-4271-8C2C-AF3A11DA13B1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {71B10DB7-CA4C-42FD-9537-A7850F7CD83A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {89B854BB-E092-4814-984C-C8A634C1D1EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {BF83DA14-CE16-4B68-B519-8B3D7CB5AE48} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-30] (TuneUp Software)
Task: {D91D7235-433F-419E-A7E8-1669E794D495} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: {E256B03A-5BA8-4D82-95BF-E660EE901391} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {F1A11905-6598-43BD-A89C-E8CF4CF5F986} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\WINDOWS\System32\ssb3ml6.dll
2011-04-14 03:40 - 2011-04-14 03:40 - 00968192 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssb3mdu.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-08 17:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-30 10:51 - 2013-08-30 10:51 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-15 09:38 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-05-31 01:23 - 2013-05-31 01:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-31 01:19 - 2013-05-31 01:19 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-31 01:53 - 2013-05-31 01:53 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-15 09:06 - 2013-01-14 20:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Leonie\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonie\Pictures\Diverse Bilder\bike green small.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3DA4BD02-D75F-4829-A2E9-52119CA7D6DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89812770-80AA-4C14-8042-C95E8DBFE598}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E032E77D-BEC4-422A-93F0-4F9BCDF36FEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{565D2AB6-211E-4DA9-AEB1-B190D9D261D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4059E93-0C91-426A-B4FC-26D67451AFE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{7BF0EE21-9610-4BF3-9A30-CD4EB675D4C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{0893171F-052F-4413-8CB9-6896155D43BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{030D2738-3DCC-4DE6-9B51-DF93288C44C7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{119360D4-EBD2-4D8B-A076-CCC1668C904F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{294D90B4-3BCC-47A8-9708-F7F5AD51A061}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D587BDBD-674A-421E-B33A-4400461D1586}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{AF1253BF-CDC9-4C77-9C13-91278B3E187F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{4938BC32-6769-450B-BDFD-A9311DD17E46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{ED79EE4C-B93A-476B-84A1-72080B094B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{9E07AA90-8B51-47B7-8B74-04FB9364B1C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{7AC631AE-CCE5-415B-8D4B-53162D5BE1FB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{049B6B29-5A9F-4F95-808B-B312B7D35975}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{7C6D1368-19F8-41A8-AD98-90BC437EDE9B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{F225E7FE-93F2-49FC-938A-D9EE52C6DBBE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{417093DA-BBAA-447E-B58D-3319E5503034}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B94B34EA-E369-4902-9D69-044A656197DF}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{26A0EA0E-AB9D-4285-92D0-A96916F2A9CD}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{103E314D-4C11-4CE5-A9B6-F5C18E900AF6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{ADB10595-BA05-4280-A1D6-3F04DC3FD888}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A7852FE8-8D4C-4984-8B27-42ECD034C8D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A2B509E9-2C9A-4F68-802A-94DB2DB91E30}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E7F9E92A-6BE3-4972-B7A0-FB24A283A1C3}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{C16C9823-4F86-4D7F-BE60-96DB5B4656B8}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [UDP Query User{05667958-109D-4D37-883A-295039EFB3F7}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{7D9479B5-B837-40FB-B64A-ED8A272FBE37}] => (Allow) C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{81CB65BA-2E44-4BA0-8341-D95FD4B94A79}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B35EA37F-855E-4D07-BA0C-9EE4EDD4F774}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{35B6C248-7543-4CA8-96B0-AAEF08E5BEB6}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{34352CE5-B475-4C15-9354-F09A041799A9}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{8C91488F-EAD3-4981-A85F-14E3F807EC2C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{D2D1E2AF-485F-4DC2-9B22-3938A38E94BB}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{C4655173-AEEF-42E3-9107-9A1466EC1AFC}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{E948F8BC-EF08-4EB5-BBBC-72938931159D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{020CFD0B-B1C1-4EA0-AC43-5193DC823BBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{598A7B19-5B18-4451-8179-FAB1564100CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2015 08:20:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: LEO)
Description: Produkt: Adobe Reader XI (11.0.11) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011012}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/14/2015 05:15:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (07/12/2015 03:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2296
Error: (07/12/2015 03:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2296
System errors:
=============
Error: (07/16/2015 06:03:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/27/2015 12:02:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (06/27/2015 10:21:58 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/27/2015 10:21:58 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/27/2015 10:21:58 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/27/2015 10:21:58 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/27/2015 10:21:58 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/27/2015 10:21:58 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/27/2015 10:21:57 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/27/2015 10:21:56 AM) (Source: DCOM) (EventID: 10016) (User: LEO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LeoLeonieS-1-5-21-3229782175-1800344310-2740547102-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office:
=========================
Error: (07/18/2015 08:20:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: LEO)
Description: Adobe Reader XI (11.0.11) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011012}1625(NULL)(NULL)(NULL)
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/14/2015 05:15:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (07/12/2015 03:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2296
Error: (07/12/2015 03:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2296
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 31%
Total physical RAM: 8007.27 MB
Available physical RAM: 5492.09 MB
Total Virtual: 9287.27 MB
Available Virtual: 6457.01 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:448.85 GB) (Free:329.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D620F07)
Partition: GPT Partition Type.
==================== End of log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-18 12:43:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Leonie\AppData\Local\Temp\ugldapow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600020e600 15 bytes [00, 96, F2, 01, 00, 6A, 6C, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600020e610 11 bytes [00, D7, FB, FF, 00, 7B, D1, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc6c9d3e10 7 bytes JMP 00007ffd6beb02d0
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc6c9d3e20 7 bytes JMP 00007ffd6beb0308
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc6ca839b0 7 bytes JMP 00007ffd6beb03b0
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc6ca83ef0 7 bytes JMP 00007ffd6beb0340
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc6ca83fe0 7 bytes JMP 00007ffd6beb0378
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc6cab06c0 7 bytes JMP 00007ffd6beb0228
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc6cab0730 7 bytes JMP 00007ffd6beb0298
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffc6cab0760 7 bytes JMP 00007ffd6beb0260
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc6bec21d0 5 bytes JMP 00007ffd6beb0180
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc6bec29d0 7 bytes JMP 00007ffd6beb00d8
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc6bec4310 5 bytes JMP 00007ffd6beb0110
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc6bec8d80 5 bytes JMP 00007ffd6beb0148
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc6e886d90 10 bytes JMP 00007ffd6beb0490
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc6e8974a0 5 bytes JMP 00007ffd6beb0458
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc6e897560 1 byte JMP 00007ffd6beb03e8
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffc6e897562 7 bytes {JMP 0xfffffffffd618e88}
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc6e8a6b10 5 bytes JMP 00007ffd6beb0420
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc6c821500 8 bytes JMP 00007ffd6beb01b8
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc6c821750 8 bytes JMP 00007ffd6beb01f0
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ffc69797750 5 bytes JMP 00007ffd696100d8
.text C:\WINDOWS\System32\dwm.exe[4388] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ffc69798ee0 5 bytes JMP 00007ffd69610110
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [5440:6500] fffff960008822d0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4064:2072] 000000000085a56e
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4064:4720] 00000000689dc1f0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4064:4772] 0000000064da8bce
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [4064:6240] 0000000074a43730
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
18.07.2015, 12:23
| #2 |
| /// TB-Ausbilder   | "WinloadSDA.Gen" und andere Funde Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4
Bitte poste mit deiner nächsten Antwort
__________________ |
|
18.07.2015, 13:29
| #3 |
| | "WinloadSDA.Gen" und andere Funde Super, vielen Dank! Hier kommen die nächsten Logfiles:
__________________Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 18/07/2015 um 13:31:49
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Leonie - LEO
# Gestarted von : C:\Users\Leonie\Desktop\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Leonie\AppData\Local\pokki
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
-\\ Mozilla Firefox v39.0 (x86 de)
[lwzg1941.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.helperbar.publisher", "yahoooc");
[lwzg1941.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAaplgCXthVDO6W2h6CwsNlGp-GtX4lXa7NThO3Ns_yuWmzqnPqyMGgfBlX-InEJZznznerMXEMrRblwe7XtT4O9l[...]
*************************
AdwCleaner[R0].txt - [10351 Bytes] - [19/02/2015 11:39:04]
AdwCleaner[R1].txt - [1404 Bytes] - [18/07/2015 13:30:43]
AdwCleaner[S0].txt - [8528 Bytes] - [19/02/2015 11:44:13]
AdwCleaner[S1].txt - [1342 Bytes] - [18/07/2015 13:31:49]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1401 Bytes] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.07.2015 Suchlauf-Zeit: 13:39:57 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.07.18.02 Rootkit Datenbank: v2015.07.17.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Leonie Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 427976 Verstrichene Zeit: 28 Min, 29 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 1 PUP.Optional.Snapdo.T, HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [1e1cb42fa8e261d5385b15ac798904fc], Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 6 PUP.Optional.HelperBar.A, HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000),Ersetzt,[62d8cc17aae084b2c341042637cecc34] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=hp&fr=linkury-tb&installDate=08/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=hp&fr=linkury-tb&installDate=08/01/2014&type=hp1000),Ersetzt,[a3976e75672394a2d72d16148e77a65a] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000),Ersetzt,[9d9d5291bdcd46f034d0e64493724eb2] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000),Ersetzt,[b08ae8fbd6b490a67096999146bfb64a] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000),Ersetzt,[96a4b0339eecf1451beb9a9017eec23e] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=f68cac5c-21af-3474-b91e-9d54db191a6a&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000),Ersetzt,[a694786b1c6e7eb82fd495959e67ce32] Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 1 PUP.Optional.SnapDo.A, C:\Windows\Installer\650544d.msi, In Quarantäne, [e5550ed515755dd9b38e7caec93852ae], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by Leonie on 18.07.2015 at 14:16:55,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014
~~~ FireFox
Successfully deleted the following from C:\Users\Leonie\AppData\Roaming\mozilla\firefox\profiles\lwzg1941.default\prefs.js
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);
Emptied folder: C:\Users\Leonie\AppData\Roaming\mozilla\firefox\profiles\lwzg1941.default\minidumps [89 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.07.2015 at 14:22:11,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015
Ran by Leonie (administrator) on LEO on 18-07-2015 14:24:04
Running from C:\Users\Leonie\Desktop
Loaded Profiles: Leonie (Available Profiles: UpdatusUser & Leonie)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] (Atheros Communications)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\Run: [LPT System Updater] => C:\Users\Leonie\AppData\Local\LPT\srptm.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002 -> {264A1D8B-DE32-4195-A61C-9A180EB861D8} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{28EB0C18-13F2-49CD-903C-9989BD2BB1F6}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6D1356EC-50A8-4791-9BEA-6DF55317E2B2}: [DhcpNameServer] 150.200.3.1
FireFox:
========
FF ProfilePath: C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default
FF DefaultSearchEngine: Ecosia
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-07] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-02-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\searchplugins\ecosia.xml [2015-05-31]
FF Extension: Avira Browser Safety - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\abs@avira.com [2015-07-02]
FF Extension: GMX MailCheck - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\mailcheck@gmx.net [2015-06-18]
FF Extension: Personas Plus - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\personas@christopher.beard.xpi [2014-04-12]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-01-25]
FF Extension: Adblock Plus - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-17] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-11] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R2 SSPORT; C:\WINDOWS\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 14:22 - 2015-07-18 14:22 - 00002199 _____ C:\Users\Leonie\Desktop\JRT.txt
2015-07-18 14:15 - 2015-07-18 14:15 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Leonie\Desktop\JRT.exe
2015-07-18 14:13 - 2015-07-18 14:13 - 00004908 _____ C:\Users\Leonie\Desktop\mbam.txt
2015-07-18 13:39 - 2015-07-18 14:12 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-18 13:38 - 2015-07-18 13:38 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-18 13:38 - 2015-07-18 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-18 13:37 - 2015-07-18 13:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-18 13:37 - 2015-07-18 13:37 - 00001481 _____ C:\Users\Leonie\Desktop\AdwCleaner[S1].txt
2015-07-18 13:37 - 2015-07-18 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-18 13:37 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-18 13:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-18 13:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-18 13:36 - 2015-07-18 13:36 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Leonie\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-18 13:28 - 2015-07-18 13:28 - 02248704 _____ C:\Users\Leonie\Desktop\AdwCleaner_4.208.exe
2015-07-18 12:43 - 2015-07-18 12:43 - 00004725 _____ C:\Users\Leonie\Desktop\gmer.txt
2015-07-18 12:35 - 2015-07-18 12:35 - 00380416 _____ C:\Users\Leonie\Desktop\Gmer-19357.exe
2015-07-18 12:33 - 2015-07-18 12:34 - 00033788 _____ C:\Users\Leonie\Desktop\Addition.txt
2015-07-18 12:32 - 2015-07-18 14:24 - 00014356 _____ C:\Users\Leonie\Desktop\FRST.txt
2015-07-18 12:32 - 2015-07-18 14:24 - 00000000 ____D C:\FRST
2015-07-18 12:31 - 2015-07-18 12:31 - 00000474 _____ C:\Users\Leonie\Desktop\defogger_disable.log
2015-07-18 12:31 - 2015-07-18 12:31 - 00000000 _____ C:\Users\Leonie\defogger_reenable
2015-07-18 12:30 - 2015-07-18 12:30 - 02134016 _____ (Farbar) C:\Users\Leonie\Desktop\FRST64.exe
2015-07-18 12:29 - 2015-07-18 12:29 - 00050477 _____ C:\Users\Leonie\Desktop\Defogger.exe
2015-07-15 19:40 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 19:40 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 19:40 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 19:40 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 19:40 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 19:40 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 19:40 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 19:40 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 19:40 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 19:40 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 19:40 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 19:40 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 19:40 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 19:40 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 19:40 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 19:40 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 19:40 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 19:40 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 19:40 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 19:40 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 19:39 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 19:39 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 19:39 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 19:39 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 19:39 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 19:39 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 19:39 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 19:39 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 19:39 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 19:39 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 19:39 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 19:39 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 19:39 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 19:39 - 2015-07-03 15:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-15 19:39 - 2015-07-03 15:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 19:39 - 2015-07-03 15:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-15 19:39 - 2015-07-03 15:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 19:39 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 19:39 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 19:39 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 19:39 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 19:39 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 19:39 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 19:39 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 19:39 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 19:38 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 19:38 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 19:38 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 19:38 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 19:38 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 19:37 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 19:37 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 19:37 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 19:37 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 19:37 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 19:37 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 19:37 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 19:37 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 19:37 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 19:37 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 19:37 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 19:37 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 19:37 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 19:37 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 19:37 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 19:37 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 19:37 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 19:37 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 19:37 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 19:37 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 19:37 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 19:37 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 19:37 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 19:37 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 19:37 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 19:37 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 19:37 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 19:37 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 19:37 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 19:37 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 19:37 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 19:37 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 19:37 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 19:37 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 19:37 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 19:37 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 19:37 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 19:37 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 19:36 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 19:36 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 19:36 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-03 18:11 - 2015-07-16 06:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 18:32 - 2015-07-01 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-01 18:31 - 2015-07-01 18:32 - 00000000 ____D C:\Program Files\iTunes
2015-07-01 18:31 - 2015-07-01 18:31 - 00000000 ____D C:\Program Files\iPod
2015-07-01 18:31 - 2015-07-01 18:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-06-29 19:48 - 2014-12-05 16:32 - 00420352 _____ C:\WINDOWS\system32\SaMinDrv.dll
2015-06-29 19:48 - 2014-12-05 16:31 - 00151040 _____ C:\WINDOWS\system32\SaImgFlt.dll
2015-06-29 19:48 - 2014-12-05 16:31 - 00068096 _____ C:\WINDOWS\system32\SaErHdlr.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 14:24 - 2013-12-30 12:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3229782175-1800344310-2740547102-1002
2015-07-18 14:13 - 2014-02-04 11:31 - 00000000 __RDO C:\Users\Leonie\SkyDrive
2015-07-18 14:11 - 2013-11-14 00:18 - 00341138 _____ C:\WINDOWS\PFRO.log
2015-07-18 14:11 - 2013-08-22 16:46 - 00358025 _____ C:\WINDOWS\setupact.log
2015-07-18 14:11 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-18 14:11 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-18 14:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-18 13:53 - 2014-01-02 13:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-18 13:37 - 2015-02-19 11:39 - 00000000 ____D C:\AdwCleaner
2015-07-18 13:13 - 2014-02-04 10:19 - 01749866 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-18 12:47 - 2014-04-06 16:35 - 00000000 ____D C:\Users\Leonie\AppData\Local\Deployment
2015-07-18 12:31 - 2014-02-04 10:25 - 00000000 ____D C:\Users\Leonie
2015-07-18 09:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-18 08:35 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-18 08:28 - 2014-01-29 11:33 - 00000099 _____ C:\Users\Public\LMDebug.log
2015-07-18 08:20 - 2014-04-17 05:52 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{69FCF3D8-DFF5-4930-B4EB-2BECD9F22E20}
2015-07-18 08:20 - 2014-01-01 19:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-17 17:58 - 2014-01-01 19:04 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\vlc
2015-07-16 16:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-16 06:03 - 2013-08-22 16:44 - 00508344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-16 06:01 - 2014-04-11 18:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-15 20:44 - 2014-12-28 14:24 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 19:53 - 2014-01-02 13:13 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 17:20 - 2014-01-25 17:32 - 01955328 ___SH C:\Users\Leonie\Desktop\Thumbs.db
2015-07-13 23:10 - 2015-03-17 19:36 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2015-03-17 19:36 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 15:52 - 2013-12-30 12:23 - 00000000 ____D C:\Users\Leonie\AppData\Local\Packages
2015-07-11 13:02 - 2015-05-21 06:42 - 00005120 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LEO-Leonie Leo
2015-07-09 06:12 - 2014-08-17 21:29 - 00000000 ____D C:\Users\Leonie\AppData\Local\Adobe
2015-07-07 06:04 - 2014-08-14 08:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-07 06:04 - 2014-02-26 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-07 06:04 - 2014-02-26 23:46 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-05 10:38 - 2013-12-31 21:05 - 00000000 ____D C:\Users\Leonie\Documents\JOB
2015-07-05 10:37 - 2014-01-01 19:09 - 00000000 ___RD C:\Users\Leonie\Desktop\Programme
2015-07-03 18:26 - 2014-01-08 20:39 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\Apple Computer
2015-07-01 18:31 - 2015-04-16 07:06 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-01 18:31 - 2014-01-08 20:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-29 20:09 - 2013-12-31 18:39 - 00000000 ____D C:\Users\Leonie\Documents\FH Soziale Arbeit
2015-06-27 10:21 - 2014-04-06 16:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 17:21 - 2014-02-20 13:30 - 00013796 _____ C:\Users\Leonie\Desktop\Musik, Filme etc..ods
2015-06-24 07:07 - 2013-11-14 09:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-24 07:07 - 2013-11-14 09:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-06-24 07:07 - 2013-11-14 09:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-06-24 06:48 - 2014-11-19 07:09 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieBrowserModeList
2015-06-24 06:48 - 2014-05-12 16:57 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieUserList
2015-06-24 06:48 - 2014-05-12 16:57 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieSiteList
==================== Files in the root of some directories =======
2014-02-16 17:20 - 2014-02-16 17:20 - 0003430 _____ () C:\Users\Leonie\AppData\Local\recently-used.xbel
Some files in TEMP:
====================
C:\Users\Leonie\AppData\Local\Temp\avgnt.exe
C:\Users\Leonie\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Leonie\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Leonie\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Leonie\AppData\Local\Temp\Quarantine.exe
C:\Users\Leonie\AppData\Local\Temp\sqlite3.dll
C:\Users\Leonie\AppData\Local\Temp\_is9E0.exe
C:\Users\Leonie\AppData\Local\Temp\_isE59A.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-18 08:41
==================== End of log ============================
[CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015
Ran by Leonie at 2015-07-18 14:24:56
Running from C:\Users\Leonie\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3229782175-1800344310-2740547102-500 - Administrator - Disabled)
Gast (S-1-5-21-3229782175-1800344310-2740547102-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3229782175-1800344310-2740547102-1006 - Limited - Enabled)
Leonie (S-1-5-21-3229782175-1800344310-2740547102-1002 - Administrator - Enabled) => C:\Users\Leonie
UpdatusUser (S-1-5-21-3229782175-1800344310-2740547102-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AliceHilfe (HKLM-x32\...\AliceHilfe 1.0.0.1) (Version: 1.0.0.1 - )
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.6 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.4 - Broadcom Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 311.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.59 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.57 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.014 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (x32 Version: 8.1.0.17 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
18-07-2015 14:16:56 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D59453D-B3A2-486E-8622-F36C8932CF00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1A5C2EA2-5984-4D1A-B1D4-1D4564EB0B7D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2643D3B5-7103-4A34-806D-CC1A4332B506} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {2C8DD765-FE9C-481C-97E8-3349D94A7304} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {318A4727-68C8-4903-B471-28BCBE08F5BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LEO-Leonie Leo => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {41278C68-0060-4373-BB9C-B5F0967B0555} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5C11992F-EBCD-4382-AFD7-95E0581B60BB} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {62D90449-2A85-42CC-9928-19FEE6F76C80} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {7102717A-B900-4271-8C2C-AF3A11DA13B1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {71B10DB7-CA4C-42FD-9537-A7850F7CD83A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {89B854BB-E092-4814-984C-C8A634C1D1EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {D91D7235-433F-419E-A7E8-1669E794D495} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: {E256B03A-5BA8-4D82-95BF-E660EE901391} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {F1A11905-6598-43BD-A89C-E8CF4CF5F986} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\WINDOWS\System32\ssb3ml6.dll
2014-04-08 17:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Leonie\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonie\Pictures\Diverse Bilder\bike green small.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3DA4BD02-D75F-4829-A2E9-52119CA7D6DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89812770-80AA-4C14-8042-C95E8DBFE598}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E032E77D-BEC4-422A-93F0-4F9BCDF36FEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{565D2AB6-211E-4DA9-AEB1-B190D9D261D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4059E93-0C91-426A-B4FC-26D67451AFE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{7BF0EE21-9610-4BF3-9A30-CD4EB675D4C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{0893171F-052F-4413-8CB9-6896155D43BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{030D2738-3DCC-4DE6-9B51-DF93288C44C7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{119360D4-EBD2-4D8B-A076-CCC1668C904F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{294D90B4-3BCC-47A8-9708-F7F5AD51A061}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D587BDBD-674A-421E-B33A-4400461D1586}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{AF1253BF-CDC9-4C77-9C13-91278B3E187F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{4938BC32-6769-450B-BDFD-A9311DD17E46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{ED79EE4C-B93A-476B-84A1-72080B094B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{9E07AA90-8B51-47B7-8B74-04FB9364B1C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{7AC631AE-CCE5-415B-8D4B-53162D5BE1FB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{049B6B29-5A9F-4F95-808B-B312B7D35975}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{7C6D1368-19F8-41A8-AD98-90BC437EDE9B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{F225E7FE-93F2-49FC-938A-D9EE52C6DBBE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{417093DA-BBAA-447E-B58D-3319E5503034}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B94B34EA-E369-4902-9D69-044A656197DF}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{26A0EA0E-AB9D-4285-92D0-A96916F2A9CD}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{103E314D-4C11-4CE5-A9B6-F5C18E900AF6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{ADB10595-BA05-4280-A1D6-3F04DC3FD888}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A7852FE8-8D4C-4984-8B27-42ECD034C8D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A2B509E9-2C9A-4F68-802A-94DB2DB91E30}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E7F9E92A-6BE3-4972-B7A0-FB24A283A1C3}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{C16C9823-4F86-4D7F-BE60-96DB5B4656B8}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [UDP Query User{05667958-109D-4D37-883A-295039EFB3F7}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{7D9479B5-B837-40FB-B64A-ED8A272FBE37}] => (Allow) C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{81CB65BA-2E44-4BA0-8341-D95FD4B94A79}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B35EA37F-855E-4D07-BA0C-9EE4EDD4F774}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{35B6C248-7543-4CA8-96B0-AAEF08E5BEB6}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{34352CE5-B475-4C15-9354-F09A041799A9}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{8C91488F-EAD3-4981-A85F-14E3F807EC2C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{D2D1E2AF-485F-4DC2-9B22-3938A38E94BB}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{C4655173-AEEF-42E3-9107-9A1466EC1AFC}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{E948F8BC-EF08-4EB5-BBBC-72938931159D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{020CFD0B-B1C1-4EA0-AC43-5193DC823BBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{598A7B19-5B18-4451-8179-FAB1564100CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2015 01:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avcenter.exe, Version: 15.0.11.574, Zeitstempel: 0x55659e3f
Name des fehlerhaften Moduls: avcenter.exe, Version: 15.0.11.574, Zeitstempel: 0x55659e3f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00035d80
ID des fehlerhaften Prozesses: 0xf48
Startzeit der fehlerhaften Anwendung: 0xavcenter.exe0
Pfad der fehlerhaften Anwendung: avcenter.exe1
Pfad des fehlerhaften Moduls: avcenter.exe2
Berichtskennung: avcenter.exe3
Vollständiger Name des fehlerhaften Pakets: avcenter.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avcenter.exe5
Error: (07/18/2015 08:20:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: LEO)
Description: Produkt: Adobe Reader XI (11.0.11) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011012}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/14/2015 05:15:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (07/12/2015 03:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2296
System errors:
=============
Error: (07/18/2015 02:18:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/18/2015 02:18:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/18/2015 02:18:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/18/2015 02:18:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/18/2015 02:18:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/18/2015 02:18:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/18/2015 02:18:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Integrated Clock Controller Service - Intel(R) ICCS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/18/2015 02:18:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/18/2015 02:18:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/18/2015 02:18:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (07/18/2015 01:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avcenter.exe15.0.11.57455659e3favcenter.exe15.0.11.57455659e3fc000040900035d80f4801d0c147bee0165dC:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe33788e99-2d40-11e5-beac-48d22421cbaa
Error: (07/18/2015 08:20:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: LEO)
Description: Adobe Reader XI (11.0.11) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011012}1625(NULL)(NULL)(NULL)
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11484
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13516
Error: (07/16/2015 06:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/14/2015 05:15:51 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (07/12/2015 03:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2296
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 18%
Total physical RAM: 8007.27 MB
Available physical RAM: 6543.69 MB
Total Virtual: 9287.27 MB
Available Virtual: 7897.5 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:448.85 GB) (Free:329.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D620F07)
Partition: GPT Partition Type.
==================== End of log ============================
|
|
18.07.2015, 14:29
| #4 |
| /// TB-Ausbilder | "WinloadSDA.Gen" und andere Funde Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\Run: [LPT System Updater] => C:\Users\Leonie\AppData\Local\LPT\srptm.exe
C:\Users\Leonie\AppData\Local\LPT
SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002 -> {264A1D8B-DE32-4195-A61C-9A180EB861D8} URL =
RemoveProxy:
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Schritt 4
Bitte poste mit deiner nächsten Antwort
__________________ Das Trojaner-Board unterstützen |
|
18.07.2015, 16:32
| #5 |
| | "WinloadSDA.Gen" und andere Funde Danke Matthias! Hier die Logfiles: Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015
Ran by Leonie at 2015-07-18 15:47:00 Run:1
Running from C:\Users\Leonie\Desktop
Loaded Profiles: Leonie (Available Profiles: UpdatusUser & Leonie)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\Run: [LPT System Updater] => C:\Users\Leonie\AppData\Local\LPT\srptm.exe
C:\Users\Leonie\AppData\Local\LPT
SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002 -> {264A1D8B-DE32-4195-A61C-9A180EB861D8} URL =
RemoveProxy:
EmptyTemp:
end
*****************
Processes closed successfully.
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\Software\Microsoft\Windows\CurrentVersion\Run\\LPT System Updater => value removed successfully
"C:\Users\Leonie\AppData\Local\LPT" => File/Folder not found.
"HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{264A1D8B-DE32-4195-A61C-9A180EB861D8}" => key removed successfully
HKCR\CLSID\{264A1D8B-DE32-4195-A61C-9A180EB861D8} => key not found.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
EmptyTemp: => 3 GB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 15:48:06 ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ae360e6b3df3fa47abca6357bf2778a0
# end=init
# utc_time=2015-07-18 01:55:37
# local_time=2015-07-18 03:55:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24866
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ae360e6b3df3fa47abca6357bf2778a0
# end=updated
# utc_time=2015-07-18 01:58:01
# local_time=2015-07-18 03:58:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ae360e6b3df3fa47abca6357bf2778a0
# engine=24866
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-18 03:19:06
# local_time=2015-07-18 05:19:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9415951 62114039 0 0
# scanned=224350
# found=65
# cleaned=65
# scan_time=4863
sh=052CF7A10C2220549587A493E6AA7AB31059FC2C ft=1 fh=b441b46ee1f56b45 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\lrrot.dll.vir"
sh=D496D10A68179D30C2A8E753F177B80024E21724 ft=1 fh=2c28c5bbc2c0401d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\Newtonsoft.Json.dll.vir"
sh=0B8441FC2BFF5AD7364042752739351450CCE531 ft=1 fh=b506c4e0a9edc2a4 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\Proxy.Lib.dll.vir"
sh=799816267E11729AE47D3DA65B3BDB9EFB272DE4 ft=1 fh=2eeead50cbb6ba73 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\ProxySettings.dll.vir"
sh=3EEBC5148F918F13742B08E1C5E234E369643014 ft=1 fh=bb1dbd23fa263d5b vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\sppsm.dll.vir"
sh=9E701DB966648F9594CF7C66BD05A196BD5E639E ft=1 fh=4b6b6a9bdcec148d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\spusm.dll.vir"
sh=B2D51A241C095983246EFA0707358A7B84F674A3 ft=1 fh=fa82085b4d95dd0f vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srbs.dll.vir"
sh=84DFA8513BC5D5869A65E45787B0982416533D55 ft=1 fh=7633e73a8ff89552 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srbu.dll.vir"
sh=8AF3C95A5C906FEB601EC42908E52575280FE273 ft=1 fh=9a43d0dd4b8d8c50 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\sreu.dll.vir"
sh=216FC310CCC7F263FDB23398B9C39CF03EED4D79 ft=1 fh=6f923f60df81cc37 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srpdm.dll.vir"
sh=2ECC7BCF499305F75436B43EA3FA4FC60DC37D21 ft=1 fh=4a74338a34d926dd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srprl.dll.vir"
sh=3A26A69CE536218D6DF5C5D2932DB807AF7DD976 ft=1 fh=9dd0811f936d3db5 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srpt.dll.vir"
sh=4EAA251754E661F7DEF939B88E39546610F7D5AB ft=1 fh=9b321cfd650fb946 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srptc.dll.vir"
sh=EF83D85AF9527B5525E2F638D5E6BE3D836A2C3D ft=1 fh=43903fa2203117ee vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\srut.dll.vir"
sh=5ECBBEE6EF44CC6B6940346281B3EE69423A7D37 ft=1 fh=f6ea516f6d6a2366 vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\Resources\ntdis_32.dll.vir"
sh=329F3C6FC0B792B9166CD978F899AC7A53856ECE ft=1 fh=08369c32b8251e32 vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\LPT\Resources\ntdis_64.dll.vir"
sh=4E0A6D0DEDBD39055190E4601AF1489ED97A89A1 ft=1 fh=294586bab31c85ee vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll.vir"
sh=0F70258AC0665F22AFE70D5FAA0D1808CA47BF21 ft=1 fh=441b6bb56dae53e9 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\lrcnt.dll.vir"
sh=052CF7A10C2220549587A493E6AA7AB31059FC2C ft=1 fh=b441b46ee1f56b45 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\lrrot.dll.vir"
sh=DBC5BC7BD4804B1E73AEAC857C93C700FBC99E86 ft=1 fh=47295e31a64b309f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\MACTrackBarLib.dll.vir"
sh=C7900A86009EB26E02BC2B2D4C9BFBA434776CD8 ft=1 fh=b456fec3d1a32b21 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\NDde.dll.vir"
sh=D496D10A68179D30C2A8E753F177B80024E21724 ft=1 fh=2c28c5bbc2c0401d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\Newtonsoft.Json.dll.vir"
sh=0B8441FC2BFF5AD7364042752739351450CCE531 ft=1 fh=b506c4e0a9edc2a4 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\Proxy.Lib.dll.vir"
sh=799816267E11729AE47D3DA65B3BDB9EFB272DE4 ft=1 fh=2eeead50cbb6ba73 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\ProxySettings.dll.vir"
sh=EE063BFA932F6E4D408309114930B733AD0B02C8 ft=1 fh=c3e25114cb0c3d49 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\sgml.dll.vir"
sh=81BE5BC16BE2A987355AA90AAE4CA0DA6CD4F4E9 ft=1 fh=63a0b9f03c4cc370 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\sidb.dll.vir"
sh=EB25B81CE84AD353A6B37454B41F0C132878E7B5 ft=1 fh=3b83e9d1217983cf vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\siem.dll.vir"
sh=812E33EF8B226C91531CC6BEE5B9779EBCB99FED ft=1 fh=d463862fab8f00d6 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\sipb.dll.vir"
sh=FF4F0674892FBE07B26E38472CF0C9262F0389FE ft=1 fh=272ee5f1471905c7 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\sismlp.dll.vir"
sh=5D7755AC4BE84AB0F0311C43A4B788297F76122E ft=1 fh=23c9a37a5723e104 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=90D4B9F6D849EADBF63C3B747A289ABF1AC0091F ft=1 fh=17583a669e66157d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\smti.dll.vir"
sh=ECBFF75D22AB878CDD23425886320C8536CBA0A7 ft=1 fh=18023623eabafe76 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=E6AB1EF26EE9E35EC98B323FA929FF927C06A03E ft=1 fh=9fdf172373839554 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=0E8D779C77DF8189871102E2A3B88150EF2BEDA4 ft=1 fh=77f41bbce14e5e9a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=3EEBC5148F918F13742B08E1C5E234E369643014 ft=1 fh=bb1dbd23fa263d5b vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=28B6D242098BAE551EA209BA735C932546893FF3 ft=1 fh=d1205c4e9ec83489 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\spsm.dll.vir"
sh=9E701DB966648F9594CF7C66BD05A196BD5E639E ft=1 fh=4b6b6a9bdcec148d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=7D289A8702110C8DB99B85CB6586365AD27FC4EE ft=1 fh=64a36df8069f6984 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=D2DEC0D901179B19922C41F5F3B00C4019A9C120 ft=1 fh=8398d7642ddd90eb vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srbhu.dll.vir"
sh=B2D51A241C095983246EFA0707358A7B84F674A3 ft=1 fh=fa82085b4d95dd0f vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=84DFA8513BC5D5869A65E45787B0982416533D55 ft=1 fh=7633e73a8ff89552 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=8AF3C95A5C906FEB601EC42908E52575280FE273 ft=1 fh=9a43d0dd4b8d8c50 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\sreu.dll.vir"
sh=E6E9039FEAC419A666C6AFBA2899DE923C69702B ft=1 fh=3dd1b5c999c29ea8 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srgu.dll.vir"
sh=3EC69317FA8EAC7212D2B9F0642FF53D4AEECDE0 ft=1 fh=152fd0b4907ae4dd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srns.dll.vir"
sh=FBA5790A0614DF045191BD21BFA39EA6C7EE7908 ft=1 fh=577d3fa5b03a1497 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srom.dll.vir"
sh=216FC310CCC7F263FDB23398B9C39CF03EED4D79 ft=1 fh=6f923f60df81cc37 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srpdm.dll.vir"
sh=2ECC7BCF499305F75436B43EA3FA4FC60DC37D21 ft=1 fh=4a74338a34d926dd vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srprl.dll.vir"
sh=2ECC92E1EBA2554A946DD356C50D85613659B02F ft=1 fh=e4cacf08cb709047 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=0AACC516D8E5F0C7609631EBDC51A0F163B29C6C ft=1 fh=3e8c510bd8323936 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srsbs.dll.vir"
sh=E14EA58898FCF0E5EFD7B01B07B9694638BD8EF2 ft=1 fh=bb0b18ffe7529975 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srsbsau.dll.vir"
sh=68DC8029DCD6A0003CA9A24A14E83D2836C39D26 ft=1 fh=bbd69b096e55e374 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srsl.dll.vir"
sh=12AE56249FB19F51E482667D2471C2B3D6B5B5E0 ft=1 fh=2386f86f684221a3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\sruhs.dll.vir"
sh=7ED52C7E637B6CDEE9DD1F37A4E0001D9A857E63 ft=1 fh=1946b22fbd33749d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srus.dll.vir"
sh=EF83D85AF9527B5525E2F638D5E6BE3D836A2C3D ft=1 fh=43903fa2203117ee vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\srut.dll.vir"
sh=452D51D370C39AA6F1F8DF3AE42A7DBD3D4C1042 ft=1 fh=371580768ace7c26 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=7290509DD9B7F8DCFA781334EBEFF3E5D4C58C5C ft=1 fh=0aae782d31fb93bd vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=32602D4077332EE0F75304C87434755510F768FD ft=1 fh=4d22cbd3b33f2e9e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=A5517659524BFD05ABEF457FE26F1D0E80D3EF85 ft=1 fh=af4585d56f4a69b5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=36E31354BDEA960B9E966413460C3CB81036C629 ft=1 fh=107c58d6ba93a4af vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=11A0F13E2F190D57AA83B9496ACBFD5CE2108396 ft=1 fh=8d2b5acaa933e82b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Local\Smartbar\Common\ServicesPlugins\spup.dll.vir"
sh=E84A7F0186D3663945B6528AC11D236369FE3BE5 ft=1 fh=42264a12eec40ade vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Leonie\AppData\Roaming\OpenCandy\C248C0950DF841A0808EF0C04B1ED27E\Installer.exe.vir"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Leonie\Downloads\PDFCreator-1_7_2_setup_offline.exe"
sh=8E11576A2D99F0900DF7B767B216F3813170EB97 ft=1 fh=103cd6974b4c4f5b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
Code:
ATTFilter Results of screen317's Security Check version 1.004 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Antivirus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 Java 8 Update 45 Adobe Flash Player 18.0.0.209 Adobe Reader XI Mozilla Firefox (39.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01 Ran by Leonie (administrator) on LEO on 18-07-2015 17:25:50 Running from C:\Users\Leonie\Desktop Loaded Profiles: UpdatusUser & Leonie (Available Profiles: UpdatusUser & Leonie) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133248 2013-05-31] (Atheros Communications) HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3229782175-1800344310-2740547102-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{28EB0C18-13F2-49CD-903C-9989BD2BB1F6}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6D1356EC-50A8-4791-9BEA-6DF55317E2B2}: [DhcpNameServer] 150.200.3.1 FireFox: ======== FF ProfilePath: C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default FF DefaultSearchEngine: Ecosia FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] () FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-07] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-02-28] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\searchplugins\ecosia.xml [2015-05-31] FF Extension: Avira Browser Safety - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\abs@avira.com [2015-07-02] FF Extension: GMX MailCheck - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\mailcheck@gmx.net [2015-06-18] FF Extension: Personas Plus - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\personas@christopher.beard.xpi [2014-04-12] FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-01-25] FF Extension: Adblock Plus - C:\Users\Leonie\AppData\Roaming\Mozilla\Firefox\Profiles\lwzg1941.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-01-01] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-17] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-17] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-17] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [310912 2013-05-31] (Windows (R) Win 7 DDK provider) [File not signed] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-11] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-05-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R2 SSPORT; C:\WINDOWS\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics) S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed] S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-18 17:25 - 2015-07-18 17:25 - 00000945 _____ C:\Users\Leonie\Desktop\checkup.txt 2015-07-18 17:25 - 2015-07-18 17:25 - 00000000 ____D C:\Users\Leonie\Desktop\FRST-OlderVersion 2015-07-18 17:23 - 2015-07-18 17:23 - 00852662 _____ C:\Users\Leonie\Desktop\SecurityCheck.exe 2015-07-18 15:55 - 2015-07-18 15:55 - 00000000 ____D C:\Program Files (x86)\ESET 2015-07-18 15:52 - 2015-07-18 15:52 - 02870984 _____ (ESET) C:\Users\Leonie\Desktop\esetsmartinstaller_deu.exe 2015-07-18 14:22 - 2015-07-18 14:22 - 00002199 _____ C:\Users\Leonie\Desktop\JRT.txt 2015-07-18 14:15 - 2015-07-18 14:15 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Leonie\Desktop\JRT.exe 2015-07-18 14:13 - 2015-07-18 14:13 - 00004908 _____ C:\Users\Leonie\Desktop\mbam.txt 2015-07-18 13:39 - 2015-07-18 15:50 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-07-18 13:38 - 2015-07-18 13:38 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-07-18 13:38 - 2015-07-18 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-18 13:37 - 2015-07-18 13:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-07-18 13:37 - 2015-07-18 13:37 - 00001481 _____ C:\Users\Leonie\Desktop\AdwCleaner[S1].txt 2015-07-18 13:37 - 2015-07-18 13:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-07-18 13:37 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-07-18 13:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-07-18 13:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-07-18 13:36 - 2015-07-18 13:36 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Leonie\Desktop\mbam-setup-2.1.6.1022.exe 2015-07-18 13:28 - 2015-07-18 13:28 - 02248704 _____ C:\Users\Leonie\Desktop\AdwCleaner_4.208.exe 2015-07-18 12:43 - 2015-07-18 12:43 - 00004725 _____ C:\Users\Leonie\Desktop\gmer.txt 2015-07-18 12:35 - 2015-07-18 12:35 - 00380416 _____ C:\Users\Leonie\Desktop\Gmer-19357.exe 2015-07-18 12:33 - 2015-07-18 14:25 - 00032603 _____ C:\Users\Leonie\Desktop\Addition.txt 2015-07-18 12:32 - 2015-07-18 17:25 - 00017925 _____ C:\Users\Leonie\Desktop\FRST.txt 2015-07-18 12:32 - 2015-07-18 17:25 - 00000000 ____D C:\FRST 2015-07-18 12:31 - 2015-07-18 12:31 - 00000474 _____ C:\Users\Leonie\Desktop\defogger_disable.log 2015-07-18 12:31 - 2015-07-18 12:31 - 00000000 _____ C:\Users\Leonie\defogger_reenable 2015-07-18 12:30 - 2015-07-18 17:25 - 02134528 _____ (Farbar) C:\Users\Leonie\Desktop\FRST64.exe 2015-07-18 12:29 - 2015-07-18 12:29 - 00050477 _____ C:\Users\Leonie\Desktop\Defogger.exe 2015-07-18 08:35 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll 2015-07-18 08:35 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll 2015-07-18 08:35 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll 2015-07-18 08:35 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2015-07-18 08:35 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2015-07-18 08:35 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-07-15 19:40 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2015-07-15 19:40 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-07-15 19:40 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2015-07-15 19:40 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2015-07-15 19:40 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2015-07-15 19:40 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2015-07-15 19:40 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2015-07-15 19:40 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2015-07-15 19:40 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-07-15 19:40 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-07-15 19:40 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-07-15 19:40 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-07-15 19:40 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-07-15 19:40 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-07-15 19:40 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe 2015-07-15 19:40 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2015-07-15 19:40 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe 2015-07-15 19:40 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2015-07-15 19:40 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-07-15 19:40 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-07-15 19:39 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-07-15 19:39 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-07-15 19:39 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-07-15 19:39 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-07-15 19:39 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-07-15 19:39 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-07-15 19:39 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-07-15 19:39 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-07-15 19:39 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-07-15 19:39 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-07-15 19:39 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-07-15 19:39 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-07-15 19:39 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-07-15 19:39 - 2015-07-03 15:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-07-15 19:39 - 2015-07-03 15:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-07-15 19:39 - 2015-07-03 15:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-07-15 19:39 - 2015-07-03 15:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-07-15 19:39 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-07-15 19:39 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-07-15 19:39 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-07-15 19:39 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-07-15 19:39 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-07-15 19:39 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-07-15 19:39 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-07-15 19:39 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-07-15 19:38 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-07-15 19:38 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-07-15 19:38 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-07-15 19:38 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-07-15 19:38 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-07-15 19:37 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-07-15 19:37 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-07-15 19:37 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-07-15 19:37 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-07-15 19:37 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-07-15 19:37 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-07-15 19:37 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-07-15 19:37 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2015-07-15 19:37 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2015-07-15 19:37 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-07-15 19:37 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-07-15 19:37 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-07-15 19:37 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-07-15 19:37 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-07-15 19:37 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-07-15 19:37 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-07-15 19:37 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-07-15 19:37 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-07-15 19:37 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-07-15 19:37 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-07-15 19:37 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-07-15 19:37 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-07-15 19:37 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-07-15 19:37 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2015-07-15 19:37 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2015-07-15 19:37 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-07-15 19:37 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-07-15 19:37 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-07-15 19:37 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-07-15 19:37 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-07-15 19:37 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-07-15 19:37 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-07-15 19:37 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-07-15 19:37 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-07-15 19:37 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-07-15 19:37 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-07-15 19:37 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2015-07-15 19:37 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2015-07-15 19:36 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2015-07-15 19:36 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2015-07-15 19:36 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll 2015-07-03 18:11 - 2015-07-16 06:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-01 18:32 - 2015-07-01 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-01 18:31 - 2015-07-01 18:32 - 00000000 ____D C:\Program Files\iTunes 2015-07-01 18:31 - 2015-07-01 18:31 - 00000000 ____D C:\Program Files\iPod 2015-07-01 18:31 - 2015-07-01 18:31 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-29 19:48 - 2014-12-05 16:32 - 00420352 _____ C:\WINDOWS\system32\SaMinDrv.dll 2015-06-29 19:48 - 2014-12-05 16:31 - 00151040 _____ C:\WINDOWS\system32\SaImgFlt.dll 2015-06-29 19:48 - 2014-12-05 16:31 - 00068096 _____ C:\WINDOWS\system32\SaErHdlr.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-18 17:23 - 2014-02-04 10:19 - 01877097 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-18 17:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-07-18 16:53 - 2014-01-02 13:13 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-07-18 16:51 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-07-18 16:35 - 2014-01-01 18:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-07-18 16:25 - 2015-04-09 20:07 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-07-18 16:25 - 2015-04-09 20:07 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-07-18 15:50 - 2014-02-04 11:31 - 00000000 ___DO C:\Users\Leonie\SkyDrive 2015-07-18 15:49 - 2013-08-22 16:46 - 00358102 _____ C:\WINDOWS\setupact.log 2015-07-18 15:49 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-07-18 15:48 - 2013-11-14 00:18 - 00342320 _____ C:\WINDOWS\PFRO.log 2015-07-18 15:48 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-07-18 14:50 - 2013-12-30 12:32 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3229782175-1800344310-2740547102-1002 2015-07-18 14:38 - 2014-04-17 05:52 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{69FCF3D8-DFF5-4930-B4EB-2BECD9F22E20} 2015-07-18 13:37 - 2015-02-19 11:39 - 00000000 ____D C:\AdwCleaner 2015-07-18 12:47 - 2014-04-06 16:35 - 00000000 ____D C:\Users\Leonie\AppData\Local\Deployment 2015-07-18 12:31 - 2014-02-04 10:25 - 00000000 ____D C:\Users\Leonie 2015-07-18 09:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-07-18 08:28 - 2014-01-29 11:33 - 00000099 _____ C:\Users\Public\LMDebug.log 2015-07-18 08:20 - 2014-01-01 19:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-07-17 17:58 - 2014-01-01 19:04 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\vlc 2015-07-16 16:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-07-16 06:03 - 2013-08-22 16:44 - 00508344 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-07-16 06:01 - 2014-04-11 18:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-15 20:44 - 2014-12-28 14:24 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2015-07-15 19:53 - 2014-01-02 13:13 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-07-14 17:20 - 2014-01-25 17:32 - 01955328 ___SH C:\Users\Leonie\Desktop\Thumbs.db 2015-07-13 23:10 - 2015-03-17 19:36 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-07-13 23:10 - 2015-03-17 19:36 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-11 15:52 - 2013-12-30 12:23 - 00000000 ____D C:\Users\Leonie\AppData\Local\Packages 2015-07-11 13:02 - 2015-05-21 06:42 - 00005120 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LEO-Leonie Leo 2015-07-09 06:12 - 2014-08-17 21:29 - 00000000 ____D C:\Users\Leonie\AppData\Local\Adobe 2015-07-07 06:04 - 2014-08-14 08:55 - 00000000 ____D C:\ProgramData\Package Cache 2015-07-07 06:04 - 2014-02-26 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-07-07 06:04 - 2014-02-26 23:46 - 00000000 ____D C:\Program Files (x86)\Avira 2015-07-05 10:38 - 2013-12-31 21:05 - 00000000 ____D C:\Users\Leonie\Documents\JOB 2015-07-05 10:37 - 2014-01-01 19:09 - 00000000 ___RD C:\Users\Leonie\Desktop\Programme 2015-07-03 18:26 - 2014-01-08 20:39 - 00000000 ____D C:\Users\Leonie\AppData\Roaming\Apple Computer 2015-07-03 08:43 - 2014-01-01 18:46 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-07-01 18:31 - 2015-04-16 07:06 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-01 18:31 - 2014-01-08 20:38 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-06-29 20:09 - 2013-12-31 18:39 - 00000000 ____D C:\Users\Leonie\Documents\FH Soziale Arbeit 2015-06-27 10:21 - 2014-04-06 16:27 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-06-25 17:21 - 2014-02-20 13:30 - 00013796 _____ C:\Users\Leonie\Desktop\Musik, Filme etc..ods 2015-06-24 07:07 - 2013-11-14 09:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-06-24 07:07 - 2013-11-14 09:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2015-06-24 07:07 - 2013-11-14 09:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2015-06-24 06:48 - 2014-11-19 07:09 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieBrowserModeList 2015-06-24 06:48 - 2014-05-12 16:57 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieUserList 2015-06-24 06:48 - 2014-05-12 16:57 - 00000000 __SHD C:\Users\Leonie\AppData\Local\EmieSiteList ==================== Files in the root of some directories ======= 2014-02-16 17:20 - 2014-02-16 17:20 - 0003430 _____ () C:\Users\Leonie\AppData\Local\recently-used.xbel Some files in TEMP: ==================== C:\Users\Leonie\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-18 16:21 ==================== End of log ============================ [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Leonie at 2015-07-18 17:26:45
Running from C:\Users\Leonie\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3229782175-1800344310-2740547102-500 - Administrator - Disabled)
Gast (S-1-5-21-3229782175-1800344310-2740547102-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3229782175-1800344310-2740547102-1006 - Limited - Enabled)
Leonie (S-1-5-21-3229782175-1800344310-2740547102-1002 - Administrator - Enabled) => C:\Users\Leonie
UpdatusUser (S-1-5-21-3229782175-1800344310-2740547102-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AliceHilfe (HKLM-x32\...\AliceHilfe 1.0.0.1) (Version: 1.0.0.1 - )
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.6 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.4 - Broadcom Corporation)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 311.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.59 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.57 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.014 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Spielkanäle (x32 Version: 8.1.0.17 - WildTangent, Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3229782175-1800344310-2740547102-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
18-07-2015 14:16:56 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D59453D-B3A2-486E-8622-F36C8932CF00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {1A5C2EA2-5984-4D1A-B1D4-1D4564EB0B7D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2643D3B5-7103-4A34-806D-CC1A4332B506} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {2C8DD765-FE9C-481C-97E8-3349D94A7304} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {318A4727-68C8-4903-B471-28BCBE08F5BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LEO-Leonie Leo => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {41278C68-0060-4373-BB9C-B5F0967B0555} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {44CA76AF-DF16-47C2-8DBF-D9ECEC6077D2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {5C11992F-EBCD-4382-AFD7-95E0581B60BB} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {62D90449-2A85-42CC-9928-19FEE6F76C80} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {7102717A-B900-4271-8C2C-AF3A11DA13B1} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {71B10DB7-CA4C-42FD-9537-A7850F7CD83A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {89B854BB-E092-4814-984C-C8A634C1D1EA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {D91D7235-433F-419E-A7E8-1669E794D495} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: {E256B03A-5BA8-4D82-95BF-E660EE901391} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {F1A11905-6598-43BD-A89C-E8CF4CF5F986} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-04-14 03:41 - 2011-04-14 03:41 - 00034304 _____ () C:\WINDOWS\System32\ssb3ml6.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-08 17:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-30 10:51 - 2013-08-30 10:51 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-05-31 01:23 - 2013-05-31 01:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-05-31 01:19 - 2013-05-31 01:19 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-31 01:53 - 2013-05-31 01:53 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-04-14 03:40 - 2011-04-14 03:40 - 00968192 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssb3mdu.dll
2013-08-15 09:06 - 2013-01-14 20:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-20 14:50 - 2013-09-20 14:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-09-17 05:54 - 2013-09-17 05:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Leonie\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3229782175-1800344310-2740547102-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3229782175-1800344310-2740547102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonie\Pictures\Diverse Bilder\bike green small.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3DA4BD02-D75F-4829-A2E9-52119CA7D6DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{89812770-80AA-4C14-8042-C95E8DBFE598}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E032E77D-BEC4-422A-93F0-4F9BCDF36FEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{565D2AB6-211E-4DA9-AEB1-B190D9D261D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4059E93-0C91-426A-B4FC-26D67451AFE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{7BF0EE21-9610-4BF3-9A30-CD4EB675D4C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{0893171F-052F-4413-8CB9-6896155D43BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{030D2738-3DCC-4DE6-9B51-DF93288C44C7}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{119360D4-EBD2-4D8B-A076-CCC1668C904F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{294D90B4-3BCC-47A8-9708-F7F5AD51A061}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{D587BDBD-674A-421E-B33A-4400461D1586}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{AF1253BF-CDC9-4C77-9C13-91278B3E187F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{4938BC32-6769-450B-BDFD-A9311DD17E46}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{ED79EE4C-B93A-476B-84A1-72080B094B0E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{9E07AA90-8B51-47B7-8B74-04FB9364B1C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{7AC631AE-CCE5-415B-8D4B-53162D5BE1FB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{049B6B29-5A9F-4F95-808B-B312B7D35975}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{7C6D1368-19F8-41A8-AD98-90BC437EDE9B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{F225E7FE-93F2-49FC-938A-D9EE52C6DBBE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{417093DA-BBAA-447E-B58D-3319E5503034}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B94B34EA-E369-4902-9D69-044A656197DF}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{26A0EA0E-AB9D-4285-92D0-A96916F2A9CD}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{103E314D-4C11-4CE5-A9B6-F5C18E900AF6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{ADB10595-BA05-4280-A1D6-3F04DC3FD888}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A7852FE8-8D4C-4984-8B27-42ECD034C8D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A2B509E9-2C9A-4F68-802A-94DB2DB91E30}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{E7F9E92A-6BE3-4972-B7A0-FB24A283A1C3}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [TCP Query User{C16C9823-4F86-4D7F-BE60-96DB5B4656B8}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [UDP Query User{05667958-109D-4D37-883A-295039EFB3F7}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{7D9479B5-B837-40FB-B64A-ED8A272FBE37}] => (Allow) C:\Users\Leonie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{81CB65BA-2E44-4BA0-8341-D95FD4B94A79}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B35EA37F-855E-4D07-BA0C-9EE4EDD4F774}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{35B6C248-7543-4CA8-96B0-AAEF08E5BEB6}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe
FirewallRules: [{34352CE5-B475-4C15-9354-F09A041799A9}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{8C91488F-EAD3-4981-A85F-14E3F807EC2C}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
FirewallRules: [{D2D1E2AF-485F-4DC2-9B22-3938A38E94BB}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{C4655173-AEEF-42E3-9107-9A1466EC1AFC}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe
FirewallRules: [{E948F8BC-EF08-4EB5-BBBC-72938931159D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{020CFD0B-B1C1-4EA0-AC43-5193DC823BBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{598A7B19-5B18-4451-8179-FAB1564100CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2015 05:21:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (07/18/2015 04:25:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (07/18/2015 03:55:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (07/18/2015 03:55:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (07/18/2015 03:53:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (07/18/2015 03:53:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (07/18/2015 03:52:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Error: (07/18/2015 01:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avcenter.exe, Version: 15.0.11.574, Zeitstempel: 0x55659e3f
Name des fehlerhaften Moduls: avcenter.exe, Version: 15.0.11.574, Zeitstempel: 0x55659e3f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00035d80
ID des fehlerhaften Prozesses: 0xf48
Startzeit der fehlerhaften Anwendung: 0xavcenter.exe0
Pfad der fehlerhaften Anwendung: avcenter.exe1
Pfad des fehlerhaften Moduls: avcenter.exe2
Berichtskennung: avcenter.exe3
Vollständiger Name des fehlerhaften Pakets: avcenter.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avcenter.exe5
Error: (07/18/2015 08:20:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: LEO)
Description: Produkt: Adobe Reader XI (11.0.11) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011012}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11484
System errors:
=============
Error: (07/18/2015 04:35:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB2976978)
Error: (07/18/2015 03:56:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/18/2015 03:56:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leonie\AppData\Local\Temp\ehdrv.sys
Error: (07/18/2015 03:56:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/18/2015 03:56:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leonie\AppData\Local\Temp\ehdrv.sys
Error: (07/18/2015 03:56:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/18/2015 03:56:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Leonie\AppData\Local\Temp\ehdrv.sys
Error: (07/18/2015 03:49:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/18/2015 03:47:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (07/18/2015 03:47:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office:
=========================
Error: (07/18/2015 05:21:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (07/18/2015 04:25:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\leonie\desktop\esetsmartinstaller_deu.exe
Error: (07/18/2015 03:55:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Leonie\Desktop\esetsmartinstaller_deu.exe
Error: (07/18/2015 03:55:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Leonie\Desktop\esetsmartinstaller_deu.exe
Error: (07/18/2015 03:53:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Leonie\Desktop\esetsmartinstaller_deu.exe
Error: (07/18/2015 03:53:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Leonie\Desktop\esetsmartinstaller_deu.exe
Error: (07/18/2015 03:52:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\Leonie\Desktop\esetsmartinstaller_deu.exe
Error: (07/18/2015 01:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avcenter.exe15.0.11.57455659e3favcenter.exe15.0.11.57455659e3fc000040900035d80f4801d0c147bee0165dC:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe33788e99-2d40-11e5-beac-48d22421cbaa
Error: (07/18/2015 08:20:12 AM) (Source: MsiInstaller) (EventID: 1024) (User: LEO)
Description: Adobe Reader XI (11.0.11) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011012}1625(NULL)(NULL)(NULL)
Error: (07/17/2015 07:59:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11484
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 30%
Total physical RAM: 8007.27 MB
Available physical RAM: 5575.11 MB
Total Virtual: 9287.27 MB
Available Virtual: 6470.95 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:448.85 GB) (Free:328.75 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0D620F07)
Partition: GPT Partition Type.
==================== End of log ============================
|
|
18.07.2015, 21:54
| #6 | ||||||||||
| /// TB-Ausbilder | "WinloadSDA.Gen" und andere FundeHinweis: Registry Cleaner Ich sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall TuneUp Utilities 2014. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren. NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________ --> "WinloadSDA.Gen" und andere Funde |
|
19.07.2015, 09:50
| #7 |
| | "WinloadSDA.Gen" und andere Funde Hallo Matthias, vielen Dank dir für die Tipps! Deine Schritt-für-Schritt-Anweisungen waren sehr hilfreich. Jetzt dürfte dank dir alles wieder in Ordnung sein. Einen schönen Tag und viele Grüße, Hannes |
|
19.07.2015, 11:21
| #8 |
| /// TB-Ausbilder | "WinloadSDA.Gen" und andere Funde Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________ Das Trojaner-Board unterstützen |
|
| Themen zu "WinloadSDA.Gen" und andere Funde |
| adware, avira, bonjour, browserhelper.exe.vir, converter, cpu, defender, desktop, dllhost.exe, failed, firefox 39.0, flash player, hdd0(c:), installation, launch, manifest.json.vir, mozilla, musik, programm, prozesse, realtek, registry, required, scan, security, services.exe, srptsl.exe.vir, super, svchost.exe, symantec, udp, viren, windows, winloadsda.gen, wlan |
+ R Taste und schreibe Combofix /Uninstall in das 
