Trojaner-Board - Notebook Instandsetzung Win 7

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Notebook Instandsetzung Win 7 (https://www.trojaner-board.de/155318-notebook-instandsetzung-win-7-a.html)

Notebook Instandsetzung Win 7

Guten Tag liebe Community,

Ich habe ja schon mal vor längerem mal ein Thema hier erstellt und wende mich erneut an Euch.
Dieses mal geht es um mein Notebook. Beim öffnen des Internetbrowsers lassen sich einige Toolbars finden unter anderem die von Yontoo, die ich nicht deinstallieren kann. Außerdem gibt es etliche Banner am Horizont. Auch sonst muss man sagen, dass das Notebook ziemlich Träge läuft und ich einige Ordner auf der Festplatte habe, bei denen ich keine Ahnung habe zu welchem Programm die überhaupt gehören. Wenn es möglich ist diese Probleme zu beseitigen, wäre ich Euch sehr dankbar.

Mfg

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by Acer (administrator) on ACER-PC on 16-06-2014 18:12:45

Running from C:\Users\Acer\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Acer Incorporated) C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(NCSOFT) C:\Program Files (x86)\NCSOFT\WildStar\Wildstar.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Symantec Corporation) C:\Users\Acer\AppData\Local\Temp\7zS402B.tmp\SymNRT.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2098792 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1064224 2013-11-08] (NVIDIA Corporation)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)

HKLM\...\Run: [ODDPwr] => C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe [223264 2010-04-22] (Acer Incorporated)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKU\S-1-5-21-3255623910-461961860-3241776380-1000\...\MountPoints2: {499e2042-e868-11e1-80eb-60eb691f8901} - E:\pushinst.exe

HKU\S-1-5-21-3255623910-461961860-3241776380-1000\...\MountPoints2: {4d86cc90-f36e-11e2-9ccd-60eb691f8901} - E:\Startme.exe

HKU\S-1-5-21-3255623910-461961860-3241776380-1000\...\MountPoints2: {ee355a19-1da6-11e1-8358-60eb691f8901} - E:\pushinst.exe

HKU\S-1-5-21-3255623910-461961860-3241776380-1005\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD5000BEVT-22A0RT0_WD-WX11A808123881238&ts=1375965061

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD5000BEVT-22A0RT0_WD-WX11A808123881238&ts=1375965061

URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD5000BEVT-22A0RT0_WD-WX11A808123881238&ts=1375965062

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD5000BEVT-22A0RT0_WD-WX11A808123881238&ts=1375965062

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=34d3ddb5-6cd2-42af-86d0-bc7fdb24cf56&searchtype=ds&q={searchTerms}&installDate=01/01/1970

SearchScopes: HKCU - DefaultScope {143F9DD4-F6E8-4C74-96DC-25E74A65D63B} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=fe96103f000000000000bc05430d6749&r=46

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=34d3ddb5-6cd2-42af-86d0-bc7fdb24cf56&searchtype=ds&q={searchTerms}&installDate=01/01/1970

SearchScopes: HKCU - {143F9DD4-F6E8-4C74-96DC-25E74A65D63B} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=fe96103f000000000000bc05430d6749&r=46

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE449DE449

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No File

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-07]
 

Chrome: 

=======

CHR HomePage: https://www.google.de/

CHR StartupUrls: "hxxp://google.de/"

CHR Extension: (Bazaar Friend) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2013-12-25]

CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Acer\AppData\Local\BazaarFriend.crx [2013-07-31]

CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Acer\AppData\Local\BazaarFriend.crx [2013-07-31]

CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Acer\AppData\Local\BazaarFriend.crx [2013-07-31]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)

R2 ODDPwrSvc; C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [171040 2010-04-22] (Acer Incorporated)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-26] ()
 

==================== Drivers (Whitelisted) ====================
 

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)

S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

R4 BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [X]

R4 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [X]

R4 IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140520.001\IDSvia64.sys [X]

R4 NBVol; system32\DRIVERS\NBVol.sys [X]

R4 NBVolUp; system32\DRIVERS\NBVolUp.sys [X]

U4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [X]

R4 SymDS; system32\drivers\NISx64\1503000.00C\SYMDS64.SYS [X]

R4 SymEFA; system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [X]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-16 18:12 - 2014-06-16 18:14 - 00016520 _____ () C:\Users\Acer\Downloads\FRST.txt

2014-06-16 18:12 - 2014-06-16 18:12 - 00000000 ____D () C:\FRST

2014-06-16 18:09 - 2014-06-16 18:10 - 02081280 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe

2014-06-16 17:10 - 2014-06-16 17:11 - 00869456 _____ () C:\Users\Acer\Downloads\Norton_Removal_Tool21002.exe

2014-06-16 17:05 - 2014-06-16 17:05 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute

2014-06-16 17:03 - 2014-06-16 17:03 - 00001186 _____ () C:\Users\Public\Desktop\WildStar.lnk

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\NCSOFT

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\Users\Acer\AppData\Local\NCSOFT

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\Program Files (x86)\NCSOFT

2014-06-16 17:02 - 2014-06-16 17:02 - 10332632 _____ (NCSOFT) C:\Users\Acer\Downloads\Wildstar.exe

2014-06-11 18:15 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-11 18:15 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-11 18:15 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-11 18:15 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-11 18:15 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-11 18:15 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-11 18:15 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-11 18:15 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-11 18:15 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-11 18:15 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-11 18:15 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-11 18:15 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-11 18:15 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-11 18:15 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-11 18:15 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-11 18:15 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-11 18:15 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-11 18:15 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-11 18:15 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-11 18:15 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-11 18:15 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-11 18:15 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-11 18:15 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-11 18:15 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-11 18:15 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-11 18:15 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-11 18:15 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-11 18:15 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-11 18:15 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-11 18:15 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-11 18:15 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-11 18:15 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-11 18:15 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-11 18:15 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-06-11 18:15 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-11 18:15 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-11 18:15 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-11 18:15 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-11 18:15 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-11 18:15 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-11 18:15 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-11 18:15 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-11 18:15 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-11 18:15 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-06-11 18:15 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-11 18:15 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-11 18:15 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-11 18:15 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-11 18:15 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-11 18:15 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-11 18:15 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-11 18:15 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-11 18:15 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-06-11 18:15 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-06-11 18:15 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-06-11 18:15 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-06-11 18:15 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-06-11 18:15 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-06-11 18:15 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-06-11 18:15 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-06-11 18:15 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-06-11 18:15 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-06-11 18:15 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-06-11 18:15 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-06-11 18:15 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-06-11 18:15 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-06-03 23:04 - 2014-06-03 23:04 - 00000000 ____D () C:\Users\Acer\Desktop\multilex

2014-05-28 17:20 - 2014-05-28 17:20 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
 

==================== One Month Modified Files and Folders =======
 

2014-06-16 18:14 - 2014-06-16 18:12 - 00016520 _____ () C:\Users\Acer\Downloads\FRST.txt

2014-06-16 18:14 - 2013-12-25 15:10 - 00000284 _____ () C:\Windows\Tasks\FoxTab.job

2014-06-16 18:14 - 2011-09-09 14:50 - 00000000 ____D () C:\Users\Acer\AppData\Local\Temp

2014-06-16 18:12 - 2014-06-16 18:12 - 00000000 ____D () C:\FRST

2014-06-16 18:11 - 2011-06-09 01:25 - 01997196 _____ () C:\Windows\WindowsUpdate.log

2014-06-16 18:10 - 2014-06-16 18:09 - 02081280 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe

2014-06-16 18:03 - 2011-09-12 19:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-16 18:03 - 2011-09-12 19:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-16 17:49 - 2013-05-24 19:49 - 00000282 _____ () C:\Windows\Tasks\DSite.job

2014-06-16 17:31 - 2012-04-04 10:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-16 17:24 - 2013-12-28 14:48 - 00000000 ____D () C:\Users\Acer\AppData\Local\PMB Files

2014-06-16 17:15 - 2014-04-21 19:24 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared

2014-06-16 17:15 - 2014-04-21 19:22 - 00000000 ____D () C:\ProgramData\Norton

2014-06-16 17:13 - 2014-04-21 19:22 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security

2014-06-16 17:11 - 2014-06-16 17:10 - 00869456 _____ () C:\Users\Acer\Downloads\Norton_Removal_Tool21002.exe

2014-06-16 17:06 - 2010-09-06 12:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-06-16 17:05 - 2014-06-16 17:05 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute

2014-06-16 17:05 - 2011-06-09 01:42 - 00001024 ___RH () C:\Users\Public\Documents\NTIMMV9Acer.dll

2014-06-16 17:05 - 2011-06-09 01:42 - 00000000 ____D () C:\Program Files (x86)\NTI

2014-06-16 17:03 - 2014-06-16 17:03 - 00001186 _____ () C:\Users\Public\Desktop\WildStar.lnk

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\NCSOFT

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\Users\Acer\AppData\Local\NCSOFT

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT

2014-06-16 17:03 - 2014-06-16 17:03 - 00000000 ____D () C:\Program Files (x86)\NCSOFT

2014-06-16 17:02 - 2014-06-16 17:02 - 10332632 _____ (NCSOFT) C:\Users\Acer\Downloads\Wildstar.exe

2014-06-16 17:00 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-16 17:00 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-16 16:58 - 2013-07-08 22:13 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2014-06-16 16:54 - 2011-09-20 23:14 - 00000000 ____D () C:\Users\Acer\AppData\Roaming\Skype

2014-06-16 16:52 - 2014-04-21 19:28 - 00010808 _____ () C:\Windows\setupact.log

2014-06-16 16:52 - 2011-06-09 01:31 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-16 16:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-15 21:22 - 2011-09-20 23:51 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{755F5B50-2410-42B3-A9EE-C245CE1D9CD1}

2014-06-11 21:14 - 2013-07-14 19:24 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 21:12 - 2011-10-05 22:14 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-06-11 21:12 - 2011-09-22 06:15 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-03 23:04 - 2014-06-03 23:04 - 00000000 ____D () C:\Users\Acer\Desktop\multilex

2014-06-03 22:51 - 2011-06-09 11:17 - 00905596 _____ () C:\Windows\system32\perfh007.dat

2014-06-03 22:51 - 2011-06-09 11:17 - 00217762 _____ () C:\Windows\system32\perfc007.dat

2014-06-03 22:51 - 2009-07-14 07:13 - 00006746 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-30 12:21 - 2014-06-11 18:15 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-30 12:02 - 2014-06-11 18:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-30 12:02 - 2014-06-11 18:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-05-30 11:45 - 2014-06-11 18:15 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-05-30 11:39 - 2014-06-11 18:15 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-05-30 11:39 - 2014-06-11 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-05-30 11:38 - 2014-06-11 18:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-05-30 11:28 - 2014-06-11 18:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-05-30 11:27 - 2014-06-11 18:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-05-30 11:24 - 2014-06-11 18:15 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-05-30 11:21 - 2014-06-11 18:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-05-30 11:21 - 2014-06-11 18:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-05-30 11:20 - 2014-06-11 18:15 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-05-30 11:18 - 2014-06-11 18:15 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-30 11:11 - 2014-06-11 18:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-05-30 11:08 - 2014-06-11 18:15 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-05-30 11:06 - 2014-06-11 18:15 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-05-30 11:02 - 2014-06-11 18:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-30 10:55 - 2014-06-11 18:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-05-30 10:49 - 2014-06-11 18:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-05-30 10:46 - 2014-06-11 18:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-30 10:44 - 2014-06-11 18:15 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-05-30 10:44 - 2014-06-11 18:15 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-05-30 10:43 - 2014-06-11 18:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-05-30 10:42 - 2014-06-11 18:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-05-30 10:38 - 2014-06-11 18:15 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-05-30 10:35 - 2014-06-11 18:15 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-05-30 10:34 - 2014-06-11 18:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-05-30 10:33 - 2014-06-11 18:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-05-30 10:30 - 2014-06-11 18:15 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-05-30 10:29 - 2014-06-11 18:15 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-05-30 10:28 - 2014-06-11 18:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-05-30 10:27 - 2014-06-11 18:15 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-05-30 10:24 - 2014-06-11 18:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-05-30 10:23 - 2014-06-11 18:15 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-05-30 10:16 - 2014-06-11 18:15 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-05-30 10:10 - 2014-06-11 18:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-05-30 10:06 - 2014-06-11 18:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-05-30 10:04 - 2014-06-11 18:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-30 10:02 - 2014-06-11 18:15 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-05-30 09:56 - 2014-06-11 18:15 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-05-30 09:56 - 2014-06-11 18:15 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-05-30 09:54 - 2014-06-11 18:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-05-30 09:50 - 2014-06-11 18:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-05-30 09:49 - 2014-06-11 18:15 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-05-30 09:43 - 2014-06-11 18:15 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-05-30 09:40 - 2014-06-11 18:15 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-05-30 09:30 - 2014-06-11 18:15 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-05-30 09:21 - 2014-06-11 18:15 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-05-30 09:15 - 2014-06-11 18:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-05-30 09:13 - 2014-06-11 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-05-30 09:13 - 2014-06-11 18:15 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-05-28 17:20 - 2014-05-28 17:20 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-05-28 17:16 - 2014-03-10 13:29 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-05-28 17:16 - 2011-09-20 23:11 - 00000000 ____D () C:\ProgramData\Skype

2014-05-28 17:14 - 2014-04-21 19:24 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-05-28 17:14 - 2014-04-21 19:22 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

2014-05-18 22:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-05-18 14:48 - 2011-09-09 14:52 - 00000000 ___RD () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-18 14:48 - 2011-09-09 14:52 - 00000000 ___RD () C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-18 14:48 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-05-18 14:36 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-05-17 22:44 - 2014-04-30 22:43 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-05-17 18:03 - 2011-09-09 14:50 - 00000000 ____D () C:\Users\Acer
 

Some content of TEMP:

====================

C:\Users\Acer\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Acer\AppData\Local\Temp\SpotifyUninstall.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-08 14:53
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Description: Nur zur Information.

Too many failures while downloading ranges: 2
 
 

System errors:

=============

Error: (06/16/2014 05:11:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (06/13/2014 06:15:00 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎13.‎06.‎2014 um 18:13:05 unerwartet heruntergefahren.
 

Error: (06/13/2014 06:11:29 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 

Error: (06/08/2014 06:45:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (06/01/2014 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)

Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)

Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 

Error: (06/01/2014 05:47:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-04-05 21:12:14.850

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.848

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.845

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.832

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.829

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.827

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.582

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.580

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.577

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.542

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 79%

Total physical RAM: 3958.76 MB

Available physical RAM: 819.99 MB

Total Pagefile: 7915.7 MB

Available Pagefile: 5964.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:288.08 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72598FA2)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

hi,

Addition.txt ist unvollständig.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014

Ran by Acer at 2014-06-16 18:14:50

Running from C:\Users\Acer\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 

==================== Installed Programs ======================
 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)

Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.3 - Liteon)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0720.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)

Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden

DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)

DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.8.5.1 - DVDVideoSoftTB)

eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)

Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)

Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden

Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.60130.00 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)

Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden

NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)

Optical Drive Power Management (HKLM-x32\...\{AE09C972-EEB2-4DA5-8090-0FCF54576854}) (Version: 1.01.3007 - Acer Incorporated)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

pisse (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.051 - Yontoo LLC) <==== ATTENTION

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden

Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)

Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Zip Opener (HKCU\...\DSite) (Version:  - ) <==== ATTENTION

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden

Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)

WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)

Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 

==================== Restore Points  =========================
 

27-05-2014 13:43:04 Windows Update

27-05-2014 13:47:19 Windows-Sicherung

30-05-2014 16:43:55 Windows Update

01-06-2014 17:00:13 Windows-Sicherung

03-06-2014 07:13:54 Windows Update

07-06-2014 15:48:45 Windows Update

08-06-2014 17:00:08 Windows-Sicherung

11-06-2014 19:08:14 Windows Update

15-06-2014 17:00:12 Windows-Sicherung

16-06-2014 14:55:49 Removed Microsoft Office 2003 Web Components

16-06-2014 14:57:48 Removed League of Legends

16-06-2014 15:04:26 Configured NTI Media Maker 9

16-06-2014 15:21:33 Removed Nero Kwik Media.

16-06-2014 15:25:22 Removed Nero Backup Drivers.
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {1D64714F-8038-451A-8BD9-FF2A5DE1E46A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: {24F05D28-22BA-4743-BEB9-5CA345ACC7C9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe

Task: {343B69B2-75F9-4C59-823F-A16A6B59E1E2} - System32\Tasks\{B663E621-0953-4F5E-95E0-67C43773560B} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsOptions&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded

Task: {3AE73A22-F52C-4525-93A2-0D62D34CEF0F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe

Task: {3C45B107-04CC-4477-9AE6-DCC1102F4878} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12] (Google Inc.)

Task: {44F114B3-0EAD-4346-BFB6-905697876A09} - \DSite No Task File <==== ATTENTION

Task: {508BE873-F1B7-4D03-94CF-57B888E31F2D} - System32\Tasks\FoxTab => C:\Users\Acer\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {685C8DB7-429D-4611-A91F-4019D6458C85} - System32\Tasks\{5947C399-6191-492D-92D2-0B4A054A6EF6} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded

Task: {6CA97405-0E88-46E1-9D97-E2703276278D} - System32\Tasks\{662ED1C1-2D79-4A36-A934-F4084593E034} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/ru/abandoninstall?page=tsProgressBar

Task: {903404DD-32CA-4C13-B32E-28128E48A102} - System32\Tasks\Digital Sites => C:\Users\Acer\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {B27BC346-9EA4-4194-907D-1AF72F3F07FA} - System32\Tasks\SpottyFiles Update => C:\Program Files (x86)\SpottyFiles\SpottyFilesUpdater.exe

Task: {B91B3943-C818-4C42-ABD7-EE9486D646F7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe

Task: {BD048225-E8A7-4DDB-A762-353C82631216} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {D4201DFD-8C91-45BC-A51D-AD65A4FF0F3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)

Task: {E8E09FF1-CAC3-4C6E-95ED-12D1CB383C95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12] (Google Inc.)

Task: {F46B7A26-5A56-41E8-8576-46657984EEA4} - System32\Tasks\{84AFD44E-7231-4FFD-BC03-F45E552BF348} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Acer\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\DSite.job => C:\Users\Acer\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Acer\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-10-29 23:52 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-01-15 13:10 - 2013-07-26 00:37 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2014-02-16 15:44 - 2014-02-16 15:44 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll

2010-09-06 12:35 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2014-06-15 15:06 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll

2014-06-15 15:06 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll

2014-06-15 15:06 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-15 15:06 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-15 15:06 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2

AlternateDataStreams: C:\ProgramData\Temp:798A3728

AlternateDataStreams: C:\ProgramData\Temp:93EB7685

AlternateDataStreams: C:\ProgramData\Temp:E36F5B57

AlternateDataStreams: C:\ProgramData\Temp:E3C56885
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

MSCONFIG\startupfolder: C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup

MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Acer\AppData\Local\Akamai\netsession_win.exe"

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: com.apple.dav.bookmarks.daemon => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam\steam\steam.exe" -silent
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft-Adapter für Miniports virtueller WiFis

Description: Microsoft-Adapter für Miniports virtueller WiFis

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/16/2014 05:25:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (06/16/2014 05:25:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SymEvent.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (06/16/2014 05:25:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary EraserUtilRebootDrv.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (06/16/2014 05:22:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (06/16/2014 05:22:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SymEvent.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (06/16/2014 05:22:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary EraserUtilRebootDrv.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (06/16/2014 05:02:32 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Nur zur Information.

(Stream product id=0x0066): Streaming Failed
 

Error: (06/16/2014 05:00:15 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Nur zur Information.

Too many failures while downloading ranges: 2
 

Error: (06/15/2014 02:53:59 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Nur zur Information.

(Stream product id=0x0066): Streaming Failed
 

Error: (06/15/2014 02:51:42 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Nur zur Information.

Too many failures while downloading ranges: 2
 
 

System errors:

=============

Error: (06/16/2014 05:11:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (06/13/2014 06:15:00 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎13.‎06.‎2014 um 18:13:05 unerwartet heruntergefahren.
 

Error: (06/13/2014 06:11:29 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 

Error: (06/08/2014 06:45:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (06/01/2014 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)

Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
 

Error: (06/01/2014 05:58:09 PM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)

Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
 

Error: (06/01/2014 05:47:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-04-05 21:12:14.850

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.848

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.845

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.832

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.829

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-04-05 21:12:14.827

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.582

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.580

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.577

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-03-28 22:44:14.542

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 79%

Total physical RAM: 3958.76 MB

Available physical RAM: 819.99 MB

Total Pagefile: 7915.7 MB

Available Pagefile: 5964.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:288.08 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72598FA2)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Mehr hab ich nicht.

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 14-06-16.01 - Acer 17.06.2014  14:18:21.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2312 [GMT 2:00]

ausgeführt von:: c:\users\Acer\Downloads\ComboFix.exe

AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Acer\AppData\Local\._Revolution_

c:\users\Acer\AppData\Local\TempDIR

c:\users\Public\Documents\NTIMMV9Acer.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-05-17 bis 2014-06-17  ))))))))))))))))))))))))))))))

.

.

2014-06-17 12:30 . 2014-06-17 12:30        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2014-06-17 12:30 . 2014-06-17 12:30        --------        d-----w-        c:\users\hedev\AppData\Local\temp

2014-06-17 12:30 . 2014-06-17 12:30        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-06-17 11:57 . 2014-06-17 11:57        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-06-17 11:35 . 2014-06-17 11:35        --------        d-----w-        c:\users\TEMP

2014-06-17 01:43 . 2014-06-17 01:43        --------        d-----w-        c:\program files (x86)\Common Files\Java

2014-06-17 01:42 . 2014-06-17 01:42        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-06-17 01:41 . 2014-06-17 01:41        --------        d-----w-        c:\users\Acer\AppData\Roaming\AVG2014

2014-06-17 01:39 . 2014-06-17 01:39        --------        d-----w-        C:\$AVG

2014-06-17 01:39 . 2014-06-17 01:40        --------        d-----w-        c:\programdata\AVG2014

2014-06-17 01:38 . 2014-06-17 01:38        --------        d-----w-        c:\program files (x86)\AVG

2014-06-17 01:31 . 2014-06-17 12:09        --------        d-----w-        c:\programdata\MFAData

2014-06-17 01:31 . 2014-06-17 01:41        --------        d-----w-        c:\users\Acer\AppData\Local\Avg2014

2014-06-17 01:31 . 2014-06-17 01:31        --------        d-----w-        c:\users\Acer\AppData\Local\MFAData

2014-06-16 19:57 . 2014-06-16 19:57        --------        d-----w-        c:\program files\AdTrustMedia

2014-06-16 19:37 . 2014-06-16 19:37        --------        d-----w-        c:\users\Acer\AppData\Local\AdTrustMedia

2014-06-16 19:35 . 2014-06-16 19:35        1700352        ----a-w-        c:\windows\SysWow64\gdiplus.dll

2014-06-16 19:34 . 2014-06-16 19:34        --------        d-----w-        c:\programdata\Adtrustmedia

2014-06-16 19:34 . 2014-06-17 01:33        --------        d-----w-        c:\program files\COMODO

2014-06-16 19:33 . 2014-06-16 19:33        57096        ----a-w-        c:\windows\system32\certsentry.dll

2014-06-16 19:32 . 2014-06-17 01:33        --------        d-----w-        c:\programdata\Comodo

2014-06-16 17:35 . 2014-06-16 17:35        --------        d-----w-        c:\users\Acer\AppData\Roaming\BijiPlates

2014-06-16 16:12 . 2014-06-16 16:16        --------        d-----w-        C:\FRST

2014-06-16 15:03 . 2014-06-16 15:03        --------        d-----w-        c:\users\Acer\AppData\Roaming\NCSOFT

2014-06-16 15:03 . 2014-06-16 15:03        --------        d-----w-        c:\users\Acer\AppData\Local\NCSOFT

2014-06-16 15:03 . 2014-06-16 15:03        --------        d-----w-        c:\program files (x86)\NCSOFT

2014-06-14 18:44 . 2014-04-30 23:20        10702536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA4A6280-0BB1-46AD-BB21-F00A4866C43D}\mpengine.dll

2014-05-28 15:16 . 2014-05-28 15:16        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2014-05-27 14:05 . 2014-06-16 15:15        --------        d-----w-        c:\windows\system32\drivers\NISx64\1503000.00C

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-06-11 19:12 . 2011-09-22 04:15        95414520        ----a-w-        c:\windows\system32\MRT.exe

2014-05-15 17:31 . 2012-04-04 08:51        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-05-15 17:31 . 2011-09-17 07:57        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-05-15 17:31 . 2014-05-15 17:31        17938608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2014-05-13 12:20 . 2014-05-13 12:20        235800        ----a-w-        c:\windows\system32\drivers\avgldx64.sys

2014-05-13 12:20 . 2014-05-13 12:20        273176        ----a-w-        c:\windows\system32\drivers\avgtdia.sys

2014-05-13 12:06 . 2014-05-13 12:06        323352        ----a-w-        c:\windows\system32\drivers\avgloga.sys

2014-05-13 12:05 . 2014-05-13 12:05        191768        ----a-w-        c:\windows\system32\drivers\avgidsha.sys

2014-05-13 12:05 . 2014-05-13 12:05        152344        ----a-w-        c:\windows\system32\drivers\avgdiska.sys

2014-05-13 12:05 . 2014-05-13 12:05        130328        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys

2014-05-13 12:04 . 2014-05-13 12:04        236312        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys

2014-05-13 12:04 . 2014-05-13 12:04        31512        ----a-w-        c:\windows\system32\drivers\avgrkx64.sys

2014-05-09 06:14 . 2014-05-15 16:11        477184        ----a-w-        c:\windows\system32\aepdu.dll

2014-05-09 06:11 . 2014-05-15 16:11        424448        ----a-w-        c:\windows\system32\aeinv.dll

2014-04-12 02:22 . 2014-05-15 16:11        95680        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2014-04-12 02:22 . 2014-05-15 16:11        155072        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2014-04-12 02:19 . 2014-05-15 16:11        29184        ----a-w-        c:\windows\system32\sspisrv.dll

2014-04-12 02:19 . 2014-05-15 16:11        136192        ----a-w-        c:\windows\system32\sspicli.dll

2014-04-12 02:19 . 2014-05-15 16:11        28160        ----a-w-        c:\windows\system32\secur32.dll

2014-04-12 02:19 . 2014-05-15 16:11        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-04-12 02:19 . 2014-05-15 16:11        31232        ----a-w-        c:\windows\system32\lsass.exe

2014-04-12 02:12 . 2014-05-15 16:11        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-04-12 02:10 . 2014-05-15 16:11        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2014-03-31 20:46 . 2014-03-31 20:46        130712        ----a-w-        c:\windows\SysWow64\MSSTDFMT.DLL

2014-03-31 20:46 . 2014-03-31 20:46        1070232        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX

2014-03-31 07:35 . 2011-11-15 14:02        270496        ------w-        c:\windows\system32\MpSigStub.exe

2014-03-25 02:43 . 2014-05-15 16:11        14175744        ----a-w-        c:\windows\system32\shell32.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]

S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-06-15 13:04        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:31]

.

2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 17:58]

.

2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 17:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-22 2098792]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-08 1064224]

"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = https://www.google.de/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com

Trusted Zone: aeriagames.com

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1 192.168.0.2

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll

Toolbar-Locked - (no file)

Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll

ShellIconOverlayIdentifiers-{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} - c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll

ShellIconOverlayIdentifiers-{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} - c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll

ShellIconOverlayIdentifiers-{95DDC869-FC98-4D47-BD34-2EDC9AA09C01} - c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll

ShellIconOverlayIdentifiers-{2CDD871E-60EB-40BD-9721-A1CB57042F75} - c:\program files\Avira Secure Backup\ShellExtension\ShellExtension.dll

Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe

Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-DVDVideoSoftTB Toolbar - c:\program files (x86)\DVDVideoSoftTB\uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3255623910-461961860-3241776380-1000\Software\SecuROM\License information*]

"datasecu"=hex:6d,8c,4f,04,58,25,d3,4a,9a,49,9a,e2,bb,a7,a8,83,30,4a,5b,1a,18,

   11,9f,bc,f1,45,6d,d9,ba,fd,14,93,9b,67,39,6f,12,93,0e,8d,3d,2a,92,ee,3b,66,\

"rkeysecu"=hex:58,c1,3d,93,5f,ff,c6,70,a6,d9,70,0a,50,b1,a5,73

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.13"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-06-17  14:34:02

ComboFix-quarantined-files.txt  2014-06-17 12:34

.

Vor Suchlauf: 16 Verzeichnis(se), 356.652.052.480 Bytes frei

Nach Suchlauf: 24 Verzeichnis(se), 356.841.418.752 Bytes frei

.

- - End Of File - - 1D47810AE8AC6228C5F7A7CAD04B2584

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Ich bin für 2 Wochen im Urlaub und werde daher nichts posten können.