Unwissender1 | 30.01.2015 12:07 | Here is the fix list.
Yes, it is installed, and it showed me this after the download.
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by ar-sports (administrator) on AR-SPORTS-PC on 30-01-2015 09:04:18
Running from C:\Users\ar-sports\Downloads\FRST-OlderVersion
Loaded Profiles: UpdatusUser & ar-sports (Available profiles: UpdatusUser & ar-sports)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files (x86)\Media remote\Media remote.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [Media remote] => C:\Program Files (x86)\Media remote\Media remote.exe [1535000 2011-05-18] ()
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-02-01] (May Software)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe [184880 2011-07-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885043606-201990974-2310804300-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> {0717C853-92C3-0B8F-FF07-6E168161B86D} URL =
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.17.100
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt [2011-09-10]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\Acer Bio Protection\FFExt20
FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt20 [2011-09-10]
FF HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Firefox\Extensions: [{284fed43-2e13-4afe-8aeb-50827d510e20}] - C:\Program Files (x86)\Re-markit\135.xpi
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-21]
CHR Extension: (Google Drive) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21]
CHR Extension: (Google-Suche) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21]
CHR Extension: (Google Wallet) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]
CHR Extension: (Google Mail) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [240112 2011-10-28] (CyberLink)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [103608 2014-04-11] () [File not signed]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-11] () [File not signed]
S3 Cwbrxd; C:\Windows\CWBRXD.EXE [57344 2005-06-09] (IBM Corporation) [File not signed]
R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [307760 2011-07-13] (Egis Technology Inc. )
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-08-07] (WildTangent)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-18] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2011-01-18] (Intel(R) Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 09:03 - 2015-01-30 09:03 - 00004051 _____ () C:\Users\ar-sports\Desktop\Fixlist.txt
2015-01-29 23:49 - 2015-01-29 23:50 - 00000000 ____D () C:\13508aa44d652281d0ffe991
2015-01-29 20:30 - 2015-01-29 20:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Bildcomputer
2015-01-29 20:15 - 2015-01-30 09:04 - 00000000 ____D () C:\Users\ar-sports\Downloads\FRST-OlderVersion
2015-01-29 20:15 - 2015-01-29 20:16 - 00039047 _____ () C:\Users\ar-sports\Downloads\FRST.txt
2015-01-29 20:15 - 2015-01-29 20:16 - 00031322 _____ () C:\Users\ar-sports\Downloads\Addition.txt
2015-01-29 20:07 - 2015-01-29 20:07 - 00852573 _____ () C:\Users\ar-sports\Desktop\SecurityCheck.exe
2015-01-29 15:24 - 2015-01-29 15:24 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - ccfcbbb1da5f42e29333bd39eac1e2ab07e06d474b3648d0af4f25925603686c
2015-01-29 08:53 - 2015-01-29 08:53 - 01707939 _____ (Thisisu) C:\Users\ar-sports\Desktop\JRT.exe
2015-01-29 08:40 - 2015-01-29 08:40 - 02194432 _____ () C:\Users\ar-sports\Desktop\AdwCleaner_4.109.exe
2015-01-29 07:49 - 2015-01-30 07:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 07:49 - 2015-01-29 07:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 07:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-29 07:47 - 2015-01-29 07:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ar-sports\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-28 23:50 - 2015-01-28 23:51 - 00000000 ____D () C:\e5af0b43c0ead705e8f5a70b8555
2015-01-28 19:15 - 2015-01-28 19:15 - 00033772 _____ () C:\ComboFix.txt
2015-01-28 18:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-28 18:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-28 18:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 18:55 - 2015-01-28 19:15 - 00000000 ____D () C:\Qoobox
2015-01-28 18:55 - 2015-01-28 19:14 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 18:54 - 2015-01-28 18:54 - 05610841 ____R (Swearware) C:\Users\ar-sports\Desktop\ComboFix.exe
2015-01-28 18:23 - 2015-01-28 18:23 - 00001268 _____ () C:\Users\ar-sports\Desktop\Revo Uninstaller.lnk
2015-01-28 18:23 - 2015-01-28 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-28 18:22 - 2015-01-28 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ar-sports\Downloads\revosetup95.exe
2015-01-28 13:28 - 2015-01-28 13:29 - 00000000 ____D () C:\9a8479723a599ea3c91ede
2015-01-28 08:42 - 2015-01-28 08:43 - 00000000 ____D () C:\5ec6513707ea3739629bac1bb9e073
2015-01-28 04:09 - 2015-01-30 09:04 - 00000000 ____D () C:\FRST
2015-01-28 00:01 - 2015-01-28 00:01 - 00000000 ____D () C:\8ed94f21db07ead1de5b4b47817232
2015-01-27 18:52 - 2015-01-29 20:15 - 02130432 _____ (Farbar) C:\Users\ar-sports\Downloads\FRST64.exe
2015-01-26 23:45 - 2015-01-26 23:46 - 00000000 ____D () C:\260044cb1e8dfa06e556a3b12f3868
2015-01-25 23:47 - 2015-01-25 23:48 - 00000000 ____D () C:\abd2c10a63f765a5b5741677
2015-01-25 21:20 - 2015-01-25 21:20 - 00001861 _____ () C:\Users\ar-sports\Desktop\UseNeXT by Tangysoft.lnk
2015-01-25 21:20 - 2015-01-25 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-01-25 21:06 - 2015-01-25 21:06 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\ar-sports\Downloads\UseNeXTSetup_5.64.exe
2015-01-25 14:25 - 2015-01-25 14:31 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Samsung
2015-01-25 14:25 - 2015-01-25 14:25 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch
2015-01-25 13:56 - 2015-01-30 08:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\8908D6CF-FA27-41F6-911D-151CEE0547DD.aplzod
2015-01-25 13:38 - 2015-01-25 13:39 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup (1).exe
2015-01-25 13:34 - 2015-01-25 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-25 13:31 - 2015-01-25 13:33 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup.exe
2015-01-25 00:09 - 2015-01-25 00:10 - 00000000 ____D () C:\567f23d61e19196654ff15f6d11c7d
2015-01-24 00:13 - 2015-01-24 00:13 - 00000000 ____D () C:\7b97ffe15426a80f1fa531e9
2015-01-23 00:05 - 2015-01-23 00:06 - 00000000 ____D () C:\89cf8cad9273348b3978
2015-01-21 23:56 - 2015-01-21 23:57 - 00000000 ____D () C:\e8d3e4ba50f785c1c8
2015-01-21 17:14 - 2015-01-21 17:14 - 00000891 _____ () C:\Users\ar-sports\Desktop\iPhone von Andi - Verknüpfung.lnk
2015-01-21 17:05 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-21 16:39 - 2015-01-21 17:05 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-21 16:39 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-21 16:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files\iTunes
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-21 16:38 - 2015-01-21 16:38 - 00000000 ____D () C:\Program Files\iPod
2015-01-21 16:33 - 2015-01-21 16:36 - 122418480 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\iTunes64Setup (1).exe
2015-01-20 23:29 - 2015-01-20 23:30 - 00000000 ____D () C:\e8bd0b5a87fe32c4ee
2015-01-19 23:13 - 2015-01-19 23:13 - 00000000 ____D () C:\5e7e451a0cf836eaaab73e2081786c
2015-01-19 17:07 - 2015-01-19 17:08 - 00000000 ____D () C:\8249325112d6e9bc1f611f
2015-01-14 22:30 - 2015-01-14 22:30 - 00013844 _____ () C:\Users\ar-sports\Documents\Kopie von Logistikaufstellung DAVID 2015.xlsx
2015-01-14 08:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 16:36 - 2015-01-13 16:36 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - b39ff3e4de754a48ad14dfb13da642efb9b0e44ec9ba4f87be1144be0cdef85e
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 08:57 - 2012-04-18 13:58 - 00000000 ____D () C:\Users\ar-sports\Documents\Outlook-Dateien
2015-01-30 08:51 - 2012-11-21 08:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 08:31 - 2013-04-25 18:45 - 00000000 ____D () C:\Users\ar-sports\Desktop\Nürburgring
2015-01-30 08:20 - 2011-09-10 02:35 - 02014907 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 08:17 - 2012-08-12 20:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:01 - 2013-11-23 15:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-30 07:01 - 2012-11-21 08:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 07:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 07:01 - 2009-07-14 05:51 - 00140897 _____ () C:\Windows\setupact.log
2015-01-29 17:02 - 2014-10-16 12:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Schneeräumen
2015-01-29 08:45 - 2010-11-21 04:47 - 00433990 _____ () C:\Windows\PFRO.log
2015-01-29 08:44 - 2013-11-12 18:51 - 00000000 ____D () C:\AdwCleaner
2015-01-29 08:38 - 2014-12-27 15:54 - 00000000 ____D () C:\Users\ar-sports\Desktop\Autos
2015-01-29 07:49 - 2013-11-12 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 19:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-27 22:30 - 2012-07-12 20:12 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\vlc
2015-01-27 18:06 - 2011-09-10 12:28 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 18:06 - 2011-09-10 12:28 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 18:06 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 07:53 - 2014-01-21 08:03 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 21:20 - 2012-04-19 11:31 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-01-25 21:18 - 2012-04-18 17:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\UseNeXT
2015-01-25 21:13 - 2013-05-05 13:49 - 00000000 ____D () C:\Program Files (x86)\Racelogic
2015-01-25 15:47 - 2012-05-12 12:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Dropbox
2015-01-25 14:53 - 2012-05-28 09:20 - 00012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 13:56 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Apple Computer
2015-01-25 13:41 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Apple Computer
2015-01-25 13:33 - 2013-11-04 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-24 23:17 - 2012-08-12 20:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 23:17 - 2012-04-19 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:17 - 2011-08-03 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 09:18 - 2014-02-02 13:39 - 00000000 ____D () C:\Users\ar-sports\Desktop\DavidMedien
2015-01-22 08:30 - 2012-05-12 13:01 - 00000000 ___RD () C:\Users\ar-sports\Dropbox
2015-01-21 16:38 - 2013-11-04 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-21 16:30 - 2013-11-04 10:47 - 00000000 ____D () C:\ProgramData\Apple
2015-01-21 15:28 - 2014-11-24 16:17 - 00001996 ____H () C:\Users\ar-sports\Documents\Default.rdp
2015-01-21 15:23 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-19 20:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 20:22 - 2012-04-17 16:01 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-16 23:06 - 2012-04-18 17:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Adobe
2015-01-16 21:02 - 2014-12-09 22:17 - 00000000 ____D () C:\Users\ar-sports\Desktop\Chris25
2015-01-16 00:08 - 2014-12-14 11:51 - 00000000 ____D () C:\Users\ar-sports\Desktop\AudiS3
2015-01-15 00:22 - 2013-08-14 22:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:18 - 2012-04-18 07:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:45 - 2014-07-27 16:55 - 00000000 ____D () C:\Users\ar-sports\Desktop\Aufträge_David
2015-01-13 14:31 - 2014-12-03 13:55 - 00000000 ____D () C:\ZR-Excelsicherung
2015-01-11 15:10 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2012-05-28 09:20 - 2015-01-25 14:53 - 0012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-06 14:15 - 2014-08-06 14:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-09-10 03:09 - 2012-04-18 15:35 - 0013715 _____ () C:\ProgramData\ArcadeDeluxe5.log
Some content of TEMP:
====================
C:\Users\ar-sports\AppData\Local\Temp\avgnt.exe
C:\Users\ar-sports\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 10:02
==================== End Of Log ============================
2015-01-28 18:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 18:55 - 2015-01-28 19:15 - 00000000 ____D () C:\Qoobox
2015-01-28 18:55 - 2015-01-28 19:14 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 18:54 - 2015-01-28 18:54 - 05610841 ____R (Swearware) C:\Users\ar-sports\Desktop\ComboFix.exe
2015-01-28 18:23 - 2015-01-28 18:23 - 00001268 _____ () C:\Users\ar-sports\Desktop\Revo Uninstaller.lnk
2015-01-28 18:23 - 2015-01-28 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-28 18:22 - 2015-01-28 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ar-sports\Downloads\revosetup95.exe
2015-01-28 13:28 - 2015-01-28 13:29 - 00000000 ____D () C:\9a8479723a599ea3c91ede
2015-01-28 08:42 - 2015-01-28 08:43 - 00000000 ____D () C:\5ec6513707ea3739629bac1bb9e073
2015-01-28 04:09 - 2015-01-30 09:04 - 00000000 ____D () C:\FRST
2015-01-28 00:01 - 2015-01-28 00:01 - 00000000 ____D () C:\8ed94f21db07ead1de5b4b47817232
2015-01-27 18:52 - 2015-01-29 20:15 - 02130432 _____ (Farbar) C:\Users\ar-sports\Downloads\FRST64.exe
2015-01-26 23:45 - 2015-01-26 23:46 - 00000000 ____D () C:\260044cb1e8dfa06e556a3b12f3868
2015-01-25 23:47 - 2015-01-25 23:48 - 00000000 ____D () C:\abd2c10a63f765a5b5741677
2015-01-25 21:20 - 2015-01-25 21:20 - 00001861 _____ () C:\Users\ar-sports\Desktop\UseNeXT by Tangysoft.lnk
2015-01-25 21:20 - 2015-01-25 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-01-25 21:06 - 2015-01-25 21:06 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\ar-sports\Downloads\UseNeXTSetup_5.64.exe
2015-01-25 14:25 - 2015-01-25 14:31 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Samsung
2015-01-25 14:25 - 2015-01-25 14:25 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch
2015-01-25 13:56 - 2015-01-30 08:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\8908D6CF-FA27-41F6-911D-151CEE0547DD.aplzod
2015-01-25 13:38 - 2015-01-25 13:39 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup (1).exe
2015-01-25 13:34 - 2015-01-25 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-25 13:31 - 2015-01-25 13:33 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup.exe
2015-01-25 00:09 - 2015-01-25 00:10 - 00000000 ____D () C:\567f23d61e19196654ff15f6d11c7d
2015-01-24 00:13 - 2015-01-24 00:13 - 00000000 ____D () C:\7b97ffe15426a80f1fa531e9
2015-01-23 00:05 - 2015-01-23 00:06 - 00000000 ____D () C:\89cf8cad9273348b3978
2015-01-21 23:56 - 2015-01-21 23:57 - 00000000 ____D () C:\e8d3e4ba50f785c1c8
2015-01-21 17:14 - 2015-01-21 17:14 - 00000891 _____ () C:\Users\ar-sports\Desktop\iPhone von Andi - Verknüpfung.lnk
2015-01-21 17:05 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-21 16:39 - 2015-01-21 17:05 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-21 16:39 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-21 16:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files\iTunes
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-21 16:38 - 2015-01-21 16:38 - 00000000 ____D () C:\Program Files\iPod
2015-01-21 16:33 - 2015-01-21 16:36 - 122418480 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\iTunes64Setup (1).exe
2015-01-20 23:29 - 2015-01-20 23:30 - 00000000 ____D () C:\e8bd0b5a87fe32c4ee
2015-01-19 23:13 - 2015-01-19 23:13 - 00000000 ____D () C:\5e7e451a0cf836eaaab73e2081786c
2015-01-19 17:07 - 2015-01-19 17:08 - 00000000 ____D () C:\8249325112d6e9bc1f611f
2015-01-14 22:30 - 2015-01-14 22:30 - 00013844 _____ () C:\Users\ar-sports\Documents\Kopie von Logistikaufstellung DAVID 2015.xlsx
2015-01-14 08:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 16:36 - 2015-01-13 16:36 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - b39ff3e4de754a48ad14dfb13da642efb9b0e44ec9ba4f87be1144be0cdef85e
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 08:57 - 2012-04-18 13:58 - 00000000 ____D () C:\Users\ar-sports\Documents\Outlook-Dateien
2015-01-30 08:51 - 2012-11-21 08:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 08:31 - 2013-04-25 18:45 - 00000000 ____D () C:\Users\ar-sports\Desktop\Nürburgring
2015-01-30 08:20 - 2011-09-10 02:35 - 02014907 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 08:17 - 2012-08-12 20:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:01 - 2013-11-23 15:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-30 07:01 - 2012-11-21 08:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 07:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 07:01 - 2009-07-14 05:51 - 00140897 _____ () C:\Windows\setupact.log
2015-01-29 17:02 - 2014-10-16 12:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Schneeräumen
2015-01-29 08:45 - 2010-11-21 04:47 - 00433990 _____ () C:\Windows\PFRO.log
2015-01-29 08:44 - 2013-11-12 18:51 - 00000000 ____D () C:\AdwCleaner
2015-01-29 08:38 - 2014-12-27 15:54 - 00000000 ____D () C:\Users\ar-sports\Desktop\Autos
2015-01-29 07:49 - 2013-11-12 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 19:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-27 22:30 - 2012-07-12 20:12 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\vlc
2015-01-27 18:06 - 2011-09-10 12:28 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 18:06 - 2011-09-10 12:28 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 18:06 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 07:53 - 2014-01-21 08:03 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 21:20 - 2012-04-19 11:31 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-01-25 21:18 - 2012-04-18 17:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\UseNeXT
2015-01-25 21:13 - 2013-05-05 13:49 - 00000000 ____D () C:\Program Files (x86)\Racelogic
2015-01-25 15:47 - 2012-05-12 12:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Dropbox
2015-01-25 14:53 - 2012-05-28 09:20 - 00012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 13:56 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Apple Computer
2015-01-25 13:41 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Apple Computer
2015-01-25 13:33 - 2013-11-04 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-24 23:17 - 2012-08-12 20:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 23:17 - 2012-04-19 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:17 - 2011-08-03 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 09:18 - 2014-02-02 13:39 - 00000000 ____D () C:\Users\ar-sports\Desktop\DavidMedien
2015-01-22 08:30 - 2012-05-12 13:01 - 00000000 ___RD () C:\Users\ar-sports\Dropbox
2015-01-21 16:38 - 2013-11-04 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-21 16:30 - 2013-11-04 10:47 - 00000000 ____D () C:\ProgramData\Apple
2015-01-21 15:28 - 2014-11-24 16:17 - 00001996 ____H () C:\Users\ar-sports\Documents\Default.rdp
2015-01-21 15:23 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-19 20:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 20:22 - 2012-04-17 16:01 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-16 23:06 - 2012-04-18 17:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Adobe
2015-01-16 21:02 - 2014-12-09 22:17 - 00000000 ____D () C:\Users\ar-sports\Desktop\Chris25
2015-01-16 00:08 - 2014-12-14 11:51 - 00000000 ____D () C:\Users\ar-sports\Desktop\AudiS3
2015-01-15 00:22 - 2013-08-14 22:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:18 - 2012-04-18 07:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:45 - 2014-07-27 16:55 - 00000000 ____D () C:\Users\ar-sports\Desktop\Aufträge_David
2015-01-13 14:31 - 2014-12-03 13:55 - 00000000 ____D () C:\ZR-Excelsicherung
2015-01-11 15:10 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2012-05-28 09:20 - 2015-01-25 14:53 - 0012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-06 14:15 - 2014-08-06 14:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-09-10 03:09 - 2012-04-18 15:35 - 0013715 _____ () C:\ProgramData\ArcadeDeluxe5.log
Some content of TEMP:
====================
C:\Users\ar-sports\AppData\Local\Temp\avgnt.exe
C:\Users\ar-sports\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 10:02
==================== End Of Log ============================
I tried it again and saved the txt to the desktop. But FRST won't let me run a fix anymore. No Fixlist found?
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by ar-sports (administrator) on AR-SPORTS-PC on 30-01-2015 09:04:18
Running from C:\Users\ar-sports\Downloads\FRST-OlderVersion
Loaded Profiles: UpdatusUser & ar-sports (Available profiles: UpdatusUser & ar-sports)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files (x86)\Media remote\Media remote.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [Media remote] => C:\Program Files (x86)\Media remote\Media remote.exe [1535000 2011-05-18] ()
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-02-01] (May Software)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe [184880 2011-07-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885043606-201990974-2310804300-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> {0717C853-92C3-0B8F-FF07-6E168161B86D} URL =
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.17.100
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt [2011-09-10]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\Acer Bio Protection\FFExt20
FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt20 [2011-09-10]
FF HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Firefox\Extensions: [{284fed43-2e13-4afe-8aeb-50827d510e20}] - C:\Program Files (x86)\Re-markit\135.xpi
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-21]
CHR Extension: (Google Drive) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21]
CHR Extension: (Google-Suche) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21]
CHR Extension: (Google Wallet) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]
CHR Extension: (Google Mail) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [240112 2011-10-28] (CyberLink)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [103608 2014-04-11] () [File not signed]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-11] () [File not signed]
S3 Cwbrxd; C:\Windows\CWBRXD.EXE [57344 2005-06-09] (IBM Corporation) [File not signed]
R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [307760 2011-07-13] (Egis Technology Inc. )
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-08-07] (WildTangent)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-18] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2011-01-18] (Intel(R) Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 09:03 - 2015-01-30 09:03 - 00004051 _____ () C:\Users\ar-sports\Desktop\Fixlist.txt
2015-01-29 23:49 - 2015-01-29 23:50 - 00000000 ____D () C:\13508aa44d652281d0ffe991
2015-01-29 20:30 - 2015-01-29 20:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Bildcomputer
2015-01-29 20:15 - 2015-01-30 09:04 - 00000000 ____D () C:\Users\ar-sports\Downloads\FRST-OlderVersion
2015-01-29 20:15 - 2015-01-29 20:16 - 00039047 _____ () C:\Users\ar-sports\Downloads\FRST.txt
2015-01-29 20:15 - 2015-01-29 20:16 - 00031322 _____ () C:\Users\ar-sports\Downloads\Addition.txt
2015-01-29 20:07 - 2015-01-29 20:07 - 00852573 _____ () C:\Users\ar-sports\Desktop\SecurityCheck.exe
2015-01-29 15:24 - 2015-01-29 15:24 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - ccfcbbb1da5f42e29333bd39eac1e2ab07e06d474b3648d0af4f25925603686c
2015-01-29 08:53 - 2015-01-29 08:53 - 01707939 _____ (Thisisu) C:\Users\ar-sports\Desktop\JRT.exe
2015-01-29 08:40 - 2015-01-29 08:40 - 02194432 _____ () C:\Users\ar-sports\Desktop\AdwCleaner_4.109.exe
2015-01-29 07:49 - 2015-01-30 07:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 07:49 - 2015-01-29 07:49 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-29 07:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-29 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-29 07:47 - 2015-01-29 07:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ar-sports\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-28 23:50 - 2015-01-28 23:51 - 00000000 ____D () C:\e5af0b43c0ead705e8f5a70b8555
2015-01-28 19:15 - 2015-01-28 19:15 - 00033772 _____ () C:\ComboFix.txt
2015-01-28 18:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-28 18:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-28 18:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 18:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 18:55 - 2015-01-28 19:15 - 00000000 ____D () C:\Qoobox
2015-01-28 18:55 - 2015-01-28 19:14 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 18:54 - 2015-01-28 18:54 - 05610841 ____R (Swearware) C:\Users\ar-sports\Desktop\ComboFix.exe
2015-01-28 18:23 - 2015-01-28 18:23 - 00001268 _____ () C:\Users\ar-sports\Desktop\Revo Uninstaller.lnk
2015-01-28 18:23 - 2015-01-28 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-28 18:22 - 2015-01-28 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ar-sports\Downloads\revosetup95.exe
2015-01-28 13:28 - 2015-01-28 13:29 - 00000000 ____D () C:\9a8479723a599ea3c91ede
2015-01-28 08:42 - 2015-01-28 08:43 - 00000000 ____D () C:\5ec6513707ea3739629bac1bb9e073
2015-01-28 04:09 - 2015-01-30 09:04 - 00000000 ____D () C:\FRST
2015-01-28 00:01 - 2015-01-28 00:01 - 00000000 ____D () C:\8ed94f21db07ead1de5b4b47817232
2015-01-27 18:52 - 2015-01-29 20:15 - 02130432 _____ (Farbar) C:\Users\ar-sports\Downloads\FRST64.exe
2015-01-26 23:45 - 2015-01-26 23:46 - 00000000 ____D () C:\260044cb1e8dfa06e556a3b12f3868
2015-01-25 23:47 - 2015-01-25 23:48 - 00000000 ____D () C:\abd2c10a63f765a5b5741677
2015-01-25 21:20 - 2015-01-25 21:20 - 00001861 _____ () C:\Users\ar-sports\Desktop\UseNeXT by Tangysoft.lnk
2015-01-25 21:20 - 2015-01-25 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2015-01-25 21:06 - 2015-01-25 21:06 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\ar-sports\Downloads\UseNeXTSetup_5.64.exe
2015-01-25 14:25 - 2015-01-25 14:31 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Samsung
2015-01-25 14:25 - 2015-01-25 14:25 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch
2015-01-25 13:56 - 2015-01-30 08:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\8908D6CF-FA27-41F6-911D-151CEE0547DD.aplzod
2015-01-25 13:38 - 2015-01-25 13:39 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup (1).exe
2015-01-25 13:34 - 2015-01-25 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-25 13:31 - 2015-01-25 13:33 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup.exe
2015-01-25 00:09 - 2015-01-25 00:10 - 00000000 ____D () C:\567f23d61e19196654ff15f6d11c7d
2015-01-24 00:13 - 2015-01-24 00:13 - 00000000 ____D () C:\7b97ffe15426a80f1fa531e9
2015-01-23 00:05 - 2015-01-23 00:06 - 00000000 ____D () C:\89cf8cad9273348b3978
2015-01-21 23:56 - 2015-01-21 23:57 - 00000000 ____D () C:\e8d3e4ba50f785c1c8
2015-01-21 17:14 - 2015-01-21 17:14 - 00000891 _____ () C:\Users\ar-sports\Desktop\iPhone von Andi - Verknüpfung.lnk
2015-01-21 17:05 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-21 16:39 - 2015-01-21 17:05 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-21 16:39 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-21 16:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files\iTunes
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-21 16:38 - 2015-01-21 16:38 - 00000000 ____D () C:\Program Files\iPod
2015-01-21 16:33 - 2015-01-21 16:36 - 122418480 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\iTunes64Setup (1).exe
2015-01-20 23:29 - 2015-01-20 23:30 - 00000000 ____D () C:\e8bd0b5a87fe32c4ee
2015-01-19 23:13 - 2015-01-19 23:13 - 00000000 ____D () C:\5e7e451a0cf836eaaab73e2081786c
2015-01-19 17:07 - 2015-01-19 17:08 - 00000000 ____D () C:\8249325112d6e9bc1f611f
2015-01-14 22:30 - 2015-01-14 22:30 - 00013844 _____ () C:\Users\ar-sports\Documents\Kopie von Logistikaufstellung DAVID 2015.xlsx
2015-01-14 08:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 16:36 - 2015-01-13 16:36 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - b39ff3e4de754a48ad14dfb13da642efb9b0e44ec9ba4f87be1144be0cdef85e
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 08:57 - 2012-04-18 13:58 - 00000000 ____D () C:\Users\ar-sports\Documents\Outlook-Dateien
2015-01-30 08:51 - 2012-11-21 08:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 08:31 - 2013-04-25 18:45 - 00000000 ____D () C:\Users\ar-sports\Desktop\Nürburgring
2015-01-30 08:20 - 2011-09-10 02:35 - 02014907 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 08:17 - 2012-08-12 20:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:01 - 2013-11-23 15:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-30 07:01 - 2012-11-21 08:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 07:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 07:01 - 2009-07-14 05:51 - 00140897 _____ () C:\Windows\setupact.log
2015-01-29 17:02 - 2014-10-16 12:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Schneeräumen
2015-01-29 08:45 - 2010-11-21 04:47 - 00433990 _____ () C:\Windows\PFRO.log
2015-01-29 08:44 - 2013-11-12 18:51 - 00000000 ____D () C:\AdwCleaner
2015-01-29 08:38 - 2014-12-27 15:54 - 00000000 ____D () C:\Users\ar-sports\Desktop\Autos
2015-01-29 07:49 - 2013-11-12 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 19:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-27 22:30 - 2012-07-12 20:12 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\vlc
2015-01-27 18:06 - 2011-09-10 12:28 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 18:06 - 2011-09-10 12:28 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 18:06 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 07:53 - 2014-01-21 08:03 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 21:20 - 2012-04-19 11:31 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-01-25 21:18 - 2012-04-18 17:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\UseNeXT
2015-01-25 21:13 - 2013-05-05 13:49 - 00000000 ____D () C:\Program Files (x86)\Racelogic
2015-01-25 15:47 - 2012-05-12 12:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Dropbox
2015-01-25 14:53 - 2012-05-28 09:20 - 00012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 13:56 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Apple Computer
2015-01-25 13:41 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Apple Computer
2015-01-25 13:33 - 2013-11-04 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-24 23:17 - 2012-08-12 20:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 23:17 - 2012-04-19 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:17 - 2011-08-03 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 09:18 - 2014-02-02 13:39 - 00000000 ____D () C:\Users\ar-sports\Desktop\DavidMedien
2015-01-22 08:30 - 2012-05-12 13:01 - 00000000 ___RD () C:\Users\ar-sports\Dropbox
2015-01-21 16:38 - 2013-11-04 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-21 16:30 - 2013-11-04 10:47 - 00000000 ____D () C:\ProgramData\Apple
2015-01-21 15:28 - 2014-11-24 16:17 - 00001996 ____H () C:\Users\ar-sports\Documents\Default.rdp
2015-01-21 15:23 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-19 20:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 20:22 - 2012-04-17 16:01 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-16 23:06 - 2012-04-18 17:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Adobe
2015-01-16 21:02 - 2014-12-09 22:17 - 00000000 ____D () C:\Users\ar-sports\Desktop\Chris25
2015-01-16 00:08 - 2014-12-14 11:51 - 00000000 ____D () C:\Users\ar-sports\Desktop\AudiS3
2015-01-15 00:22 - 2013-08-14 22:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:18 - 2012-04-18 07:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:45 - 2014-07-27 16:55 - 00000000 ____D () C:\Users\ar-sports\Desktop\Aufträge_David
2015-01-13 14:31 - 2014-12-03 13:55 - 00000000 ____D () C:\ZR-Excelsicherung
2015-01-11 15:10 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2012-05-28 09:20 - 2015-01-25 14:53 - 0012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-06 14:15 - 2014-08-06 14:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-09-10 03:09 - 2012-04-18 15:35 - 0013715 _____ () C:\ProgramData\ArcadeDeluxe5.log
Some content of TEMP:
====================
C:\Users\ar-sports\AppData\Local\Temp\avgnt.exe
C:\Users\ar-sports\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 10:02
==================== End Of Log ============================
Sorry if these are now posted two or three times over. |