Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mein Avira meldet: TR/Dropper.Gen. PC ist langsam und stürzt ab! was tun? (https://www.trojaner-board.de/165877-avira-meldet-tr-dropper-gen-pc-langsam-stuerzt-ab-tun.html)

Johannes K 07.04.2015 14:12
Mein Avira meldet: TR/Dropper.Gen. PC ist langsam und stürzt ab! was tun?
 
Hallo,
Mein Avira meldet dass ein unerwünschtes Programm gefunden wurde:

"In der Datei 'C:\Windows\Temp\Setup_4.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern"

Dieses Problem tritt jetzt zum erneuten Mal auf, außerdem wird mein PC langsamer und stürzt sogar manchmal ab.
Was kann ich dagegen tun? Ich kenne mich damit überhaupt nicht aus.

LG und Danke im voraus
Johannes

schrauber 07.04.2015 15:01
Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Johannes K 07.04.2015 15:32
Hi,
Alles klar habs gemacht:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Johannes (administrator) on JOHANNES-PC on 07-04-2015 16:28:25
Running from C:\Users\Johannes\Downloads
Loaded Profiles: UpdatusUser & Johannes (Available profiles: UpdatusUser & Johannes & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Users\Johannes\AppData\Local\RGMService\RGMUpdater.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Users\Johannes\AppData\Local\RGMService\RGMLoader.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Dropbox, Inc.) C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [650648 2012-07-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-22] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [SSync] => C:\Users\Johannes\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [OMESupervisor] => C:\Users\Johannes\AppData\Local\omesuperv.exe [939496 2015-04-02] ()
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Google Update] => "C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [MusicManager] => C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Spotify Web Helper] => C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-27] (Spotify Ltd)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Sixth] => C:\Users\Johannes\AppData\Roaming\Sixth\Sixth.exe [74470 2014-11-24] ()
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [SCheck] => C:\Users\Johannes\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Snoozer] => C:\Users\Johannes\AppData\Roaming\Snz\Snz.exe [1641116 2015-02-18] ()
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [DataMgr] => C:\Users\Johannes\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-07-21] (HTTO Group, Ltd.)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Seventh] => C:\Users\Johannes\AppData\Roaming\Seventh\Seventh.exe [98491 2015-02-22] ()
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Intermediate] => C:\Users\Johannes\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\MountPoints2: {90d4c22a-4f94-11e3-bfe1-20689d450095} - "E:\SISetup.exe"
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DREAMA~1.SCR
AppInit_DLLs: C:\Users\Johannes\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\Johannes\AppData\Local\Smartbar\Application\Resources\crdlil64.dll File Not Found
AppInit_DLLs-x32: C:\Users\Johannes\AppData\Local\Smartbar\Application\Resources\crdlil.dll => "C:\Users\Johannes\AppData\Local\Smartbar\Application\Resources\crdlil.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC221hEXM3h432EbOVjSYL8wo5kYPbuighSMtZydsJ9IPqC8tdV9Xvg8cpgK5UIGUwB8OqttP_AiZBxgeV3t5Yzg7Xlh3nMiqg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC221hEXM3h432EbOVjSYL8wo5kYPbuighSMtZydsJ9IPqC8tdV9Xvg8cpgK5UIGUwB8OqttP_AiZBxgeV3t5Yzg7Xlh3nMiqg,,
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGuXaSbcoFj4G0Xkn2Yw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGuXaSbcoFj4G0Xkn2Yw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGuXaSbcoFj4G0Xkn2Yw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1002 -> {7716859D-5137-4A19-93F9-101D9A9FD28B} URL =
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=fpo&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PiccShare BHO -> {553318DA-D010-469E-84B1-496563CAE1C0} -> C:\Users\Johannes\AppData\Local\ext_piccshare\ext_piccshare.dll [2013-07-21] (HTTO Group, Ltd)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SeeSimilar -> {F225A2E3-8EE1-4204-B7A0-F4C551578A87} -> C:\Program Files (x86)\SeeSimilar\ScriptHost.dll [2013-06-20] (SeeSimilar.com)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default
FF DefaultSearchEngine: Search
FF DefaultSearchUrl: hxxp://search.fbdownloader.com/search.php?channel=fpo&q=
FF SelectedSearchEngine: Search
FF Homepage: hxxp://search.fbdownloader.com/?channel=fpo
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=fpo&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-04] ()
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\babylon.xml [2013-07-30]
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\BrowserDefender.xml [2013-07-30]
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\BrowserProtect.xml [2013-07-23]
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\delta.xml [2013-07-23]
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\fbdownloader_search.xml [2015-03-29]
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\holasearch.xml [2013-07-30]
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\search.xml [2015-03-29]
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\search_the_web.xml [2013-08-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013-06-14]
FF Extension: SeeSimilar - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\SeeSimilar@SeeSimilar.com [2013-07-30]
FF Extension: FoxyDeal - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-07-30]
FF Extension: PiccShare - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\ff_v0.6@piccshare.com.xpi [2013-07-21]
FF Extension: FavGenius - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\fg@favgenius.com.xpi [2015-03-30]
FF Extension: Simple New Tab - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Johannes\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\Johannes\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-06-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2014-03-31] () [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-12] (Dritek System INC.)
R2 RGMUpdater; C:\Users\Johannes\AppData\Local\RGMService\RGMUpdater.exe [28160 2014-10-27] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-12] (Dritek System Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-22] (Duplex Secure Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 16:28 - 2015-04-07 16:28 - 00031732 _____ () C:\Users\Johannes\Downloads\FRST.txt
2015-04-07 16:28 - 2015-04-07 16:28 - 00000000 ____D () C:\FRST
2015-04-07 16:26 - 2015-04-07 16:26 - 02095616 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2015-04-07 15:00 - 2015-04-07 15:01 - 00293560 _____ () C:\WINDOWS\Minidump\040715-51875-01.dmp
2015-04-02 20:01 - 2015-04-02 20:01 - 00939496 _____ () C:\Users\Johannes\AppData\Local\omesuperv.exe
2015-03-31 23:08 - 2015-03-31 23:09 - 00292792 _____ () C:\WINDOWS\Minidump\033115-24984-01.dmp
2015-03-31 22:42 - 2015-03-31 22:43 - 00293656 _____ () C:\WINDOWS\Minidump\033115-26984-01.dmp
2015-03-31 22:03 - 2015-03-31 22:03 - 00292792 _____ () C:\WINDOWS\Minidump\033115-26515-01.dmp
2015-03-31 20:21 - 2015-03-31 20:22 - 00292696 _____ () C:\WINDOWS\Minidump\033115-151375-01.dmp
2015-03-31 20:18 - 2015-03-31 20:18 - 00003480 ____N () C:\bootsqm.dat
2015-03-31 20:17 - 2015-03-31 20:17 - 00000000 __SHD () C:\found.000
2015-03-31 13:29 - 2015-03-31 13:30 - 00295576 _____ () C:\WINDOWS\Minidump\033115-24859-01.dmp
2015-03-31 12:31 - 2015-03-31 13:27 - 00023964 _____ () C:\Users\Johannes\Documents\untitled_AutoSave.gcs
2015-03-29 22:47 - 2015-03-29 22:47 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-29 22:47 - 2015-03-29 22:47 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-29 22:47 - 2015-03-29 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 22:44 - 2015-03-29 22:44 - 00243648 _____ () C:\Users\Johannes\Downloads\Firefox Setup Stub 36.0.4.exe
2015-03-25 16:36 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-24 01:05 - 2015-03-24 01:05 - 00735304 _____ () C:\WINDOWS\Minidump\032415-19578-01.dmp
2015-03-22 12:23 - 2015-03-22 14:33 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\GoPro
2015-03-22 12:22 - 2015-03-22 18:48 - 00000000 ____D () C:\Users\Public\CineForm
2015-03-22 12:22 - 2015-03-22 12:22 - 00001128 _____ () C:\Users\Johannes\Desktop\GoPro Studio.lnk
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Users\Johannes\AppData\Local\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\CineForm
2015-03-22 12:17 - 2015-03-22 12:22 - 00002272 _____ () C:\WINDOWS\DPINST.LOG
2015-03-22 12:17 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-03-22 11:59 - 2015-03-22 11:59 - 01203488 _____ () C:\Users\Johannes\Downloads\GoPro Studio - CHIP-Installer.exe
2015-03-17 21:29 - 2015-03-17 21:29 - 00001516 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2015-03-17 21:25 - 2015-03-17 21:25 - 01203488 _____ () C:\Users\Johannes\Downloads\Free Video Flip and Rotate - CHIP-Installer.exe
2015-03-12 18:04 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-12 18:04 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-12 18:04 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-12 18:04 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-12 18:04 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-12 18:04 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-12 18:04 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-12 18:04 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-12 18:04 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-12 18:04 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-12 18:03 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-12 18:03 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-12 18:03 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-12 18:03 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-12 18:03 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-12 18:03 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-12 18:03 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-12 18:03 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-12 18:03 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-12 18:03 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-12 18:03 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-12 18:03 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-12 18:03 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-12 18:03 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-12 18:03 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-12 18:03 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-12 18:03 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-12 18:03 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-12 18:03 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-12 18:03 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-12 18:03 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-12 18:03 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-12 18:03 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-12 18:03 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-12 18:03 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-12 18:03 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-12 18:03 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:03 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-12 18:03 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-12 18:03 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:03 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-12 18:03 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-12 18:03 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-12 18:03 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-12 18:03 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-12 18:03 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-12 18:03 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-12 18:03 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-12 18:03 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-12 17:34 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-12 17:34 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-12 17:34 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-12 17:34 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-12 17:34 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-12 17:34 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-12 17:34 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-12 17:34 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-12 17:34 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-12 17:34 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-12 17:34 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-12 17:34 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-12 17:34 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-12 17:32 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-12 17:32 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-12 17:32 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-12 17:32 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-12 17:32 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-12 17:32 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-12 17:32 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-12 17:32 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-12 17:32 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-12 17:32 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-12 17:32 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-12 17:32 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-12 17:32 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-12 17:32 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-12 17:32 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-12 17:32 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-12 17:32 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-12 17:32 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-12 17:32 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-12 17:32 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-12 17:32 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-12 17:32 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-12 17:32 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-12 17:32 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-12 17:32 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-12 17:32 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-12 17:32 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-12 17:32 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-12 17:32 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-12 17:32 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-12 17:32 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-12 17:32 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-12 17:32 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-12 17:32 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-12 17:32 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-12 17:32 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-12 17:32 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-12 17:31 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-12 17:31 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-12 17:31 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-12 17:31 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-12 17:31 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-12 17:31 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-12 17:30 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-12 17:30 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 16:27 - 2013-05-03 17:11 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-89369655-3679999935-2157184473-1002
2015-04-07 16:26 - 2013-10-22 15:47 - 01088424 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-07 16:25 - 2013-12-26 21:20 - 00000000 __RDO () C:\Users\Johannes\SkyDrive
2015-04-07 16:24 - 2014-03-15 12:18 - 00000000 ___RD () C:\Users\Johannes\Dropbox
2015-04-07 16:24 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Dropbox
2015-04-07 16:23 - 2014-08-19 15:20 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Seventh
2015-04-07 16:23 - 2014-04-26 20:37 - 00000000 ___RD () C:\Users\Johannes\Google Drive
2015-04-07 16:22 - 2014-12-09 22:52 - 00000000 ____D () C:\Users\Johannes\AppData\Local\RGMService
2015-04-07 16:22 - 2013-10-08 12:35 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec41217e0faff.job
2015-04-07 16:22 - 2013-05-14 21:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-07 16:21 - 2013-12-11 23:05 - 00036139 _____ () C:\WINDOWS\setupact.log
2015-04-07 16:21 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-07 15:45 - 2013-10-22 15:23 - 00000000 ____D () C:\Users\Johannes
2015-04-07 15:45 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-07 15:15 - 2014-07-26 17:59 - 00001156 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002UA.job
2015-04-07 15:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-07 15:12 - 2013-05-03 17:24 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-07 15:00 - 2013-12-26 19:26 - 00272888 _____ () C:\WINDOWS\PFRO.log
2015-04-07 15:00 - 2013-10-27 13:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-07 15:00 - 2013-04-03 10:30 - 766803909 _____ () C:\WINDOWS\MEMORY.DMP
2015-04-07 14:47 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-07 14:47 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-07 14:46 - 2013-06-09 21:10 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Avira
2015-04-07 14:45 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Avira
2015-04-07 14:39 - 2013-05-11 17:05 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Adobe
2015-04-07 14:38 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-07 14:38 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-07 14:38 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-07 14:36 - 2013-10-28 21:23 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{965EBEB5-AFC7-45A7-A256-B0D90091556D}
2015-04-07 14:35 - 2013-07-28 16:44 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Intermediate
2015-03-31 23:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-31 13:23 - 2012-08-02 13:37 - 00000000 ____D () C:\ProgramData\Temp
2015-03-29 22:47 - 2013-09-13 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-29 22:47 - 2013-05-14 20:57 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Mozilla
2015-03-29 16:08 - 2014-10-08 22:58 - 00015174 _____ () C:\Users\Johannes\Documents\Lohn Oktober.xlsx
2015-03-29 16:04 - 2014-10-08 22:38 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Deployment
2015-03-29 15:48 - 2013-05-10 16:45 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\vlc
2015-03-27 18:31 - 2013-08-22 16:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-27 18:25 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Spotify
2015-03-27 18:25 - 2013-05-05 00:59 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-27 18:13 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Spotify
2015-03-25 17:26 - 2014-12-10 20:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-25 17:26 - 2014-07-10 17:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-22 12:17 - 2014-08-18 13:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-22 12:15 - 2014-07-26 17:59 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002Core.job
2015-03-17 21:29 - 2015-02-06 16:56 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-17 21:29 - 2014-09-25 15:03 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\RHEng
2015-03-17 21:29 - 2013-05-07 22:47 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
2015-03-16 21:58 - 2013-05-04 11:39 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Apple Computer
2015-03-16 19:32 - 2013-12-26 19:13 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-15 17:46 - 2013-05-04 11:27 - 00000000 ____D () C:\Users\Johannes\Documents\CyberLink
2015-03-14 21:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-14 12:35 - 2013-08-22 16:44 - 05112832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-14 00:15 - 2013-05-11 16:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 00:14 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-03-13 21:47 - 2013-05-10 16:44 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-13 21:47 - 2013-05-10 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-13 18:36 - 2014-03-15 12:18 - 00001083 _____ () C:\Users\Johannes\Desktop\Dropbox.lnk
2015-03-13 18:36 - 2014-03-14 22:21 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-10 16:49 - 2013-06-09 21:04 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-10 16:49 - 2013-06-09 21:04 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-10 16:49 - 2013-06-09 21:04 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2013-10-07 22:19 - 2013-10-07 22:19 - 5082084 _____ (The Public) C:\Users\Johannes\AppData\Roaming\Avisynth.exe
2013-10-07 22:19 - 2013-10-07 22:20 - 5243208 _____ (                                                            ) C:\Users\Johannes\AppData\Roaming\AvsP.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 5514668 _____ (LIGHTNING UK!) C:\Users\Johannes\AppData\Roaming\Imgburn.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 1357348 _____ () C:\Users\Johannes\AppData\Roaming\MatroskaSplitter.exe
2013-10-07 22:20 - 2013-10-07 22:20 - 7760687 _____ (Boraxsoft) C:\Users\Johannes\AppData\Roaming\SetupGFD.exe
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\SystemConfiguration
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Tables
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Techno Kit
2013-10-07 22:19 - 2013-10-07 22:19 - 0117723 _____ () C:\Users\Johannes\AppData\Roaming\yuvcodecs-1.3.exe
2013-08-19 19:07 - 2015-03-04 17:52 - 0012800 _____ () C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-21 15:24 - 2013-07-21 15:24 - 0047776 _____ () C:\Users\Johannes\AppData\Local\ext_piccshare_uninst.exe
2015-04-02 20:01 - 2015-04-02 20:01 - 0939496 _____ () C:\Users\Johannes\AppData\Local\omesuperv.exe
2013-05-11 15:48 - 2014-05-14 20:00 - 0000080 _____ () C:\Users\Johannes\AppData\Local\X-Plane Installer.prf
2013-05-11 12:18 - 2014-05-14 20:03 - 0000073 _____ () C:\Users\Johannes\AppData\Local\X-Plane_drm.prf
2013-05-11 12:19 - 2014-04-26 18:50 - 0000245 _____ () C:\Users\Johannes\AppData\Local\x-plane_install_10.txt
2012-09-12 19:08 - 2012-09-12 19:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-30 13:37 - 2013-12-30 13:45 - 0000303 _____ () C:\ProgramData\hpzinstall.log
2013-05-03 19:14 - 2013-05-03 19:14 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-05-03 19:14 - 2014-11-19 23:43 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-05-03 19:14 - 2014-11-06 22:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Textures
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Themes
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Track Settings

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\22kaxvks.dll
C:\Users\Johannes\AppData\Local\Temp\2bfge5eo.dll
C:\Users\Johannes\AppData\Local\Temp\6gofsl67.dll
C:\Users\Johannes\AppData\Local\Temp\a3onmuml.dll
C:\Users\Johannes\AppData\Local\Temp\AutoRun.exe
C:\Users\Johannes\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\b6zeu71a.dll
C:\Users\Johannes\AppData\Local\Temp\cxoyhhlj.dll
C:\Users\Johannes\AppData\Local\Temp\cz0_zyus.dll
C:\Users\Johannes\AppData\Local\Temp\dbwk4i1y.dll
C:\Users\Johannes\AppData\Local\Temp\dhckg-lj.dll
C:\Users\Johannes\AppData\Local\Temp\dlfkctko.dll
C:\Users\Johannes\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuxmb_i.dll
C:\Users\Johannes\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Johannes\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Johannes\AppData\Local\Temp\e57co--u.dll
C:\Users\Johannes\AppData\Local\Temp\e91tohsu.dll
C:\Users\Johannes\AppData\Local\Temp\fe7qt9oi.dll
C:\Users\Johannes\AppData\Local\Temp\fo-l87go.dll
C:\Users\Johannes\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Johannes\AppData\Local\Temp\fztctfuz.dll
C:\Users\Johannes\AppData\Local\Temp\gk0msjmv.dll
C:\Users\Johannes\AppData\Local\Temp\gwoudkdh.dll
C:\Users\Johannes\AppData\Local\Temp\g_vvqi0j.dll
C:\Users\Johannes\AppData\Local\Temp\h9q_apes.dll
C:\Users\Johannes\AppData\Local\Temp\htsiki1c.dll
C:\Users\Johannes\AppData\Local\Temp\idkdfqzq.dll
C:\Users\Johannes\AppData\Local\Temp\Installer_Windows.exe
C:\Users\Johannes\AppData\Local\Temp\jm7nk1bz.dll
C:\Users\Johannes\AppData\Local\Temp\jr1f5vlj.dll
C:\Users\Johannes\AppData\Local\Temp\k-w5yhk7.dll
C:\Users\Johannes\AppData\Local\Temp\kgq1a-ge.dll
C:\Users\Johannes\AppData\Local\Temp\kpobcyc7.dll
C:\Users\Johannes\AppData\Local\Temp\krs04jpi.dll
C:\Users\Johannes\AppData\Local\Temp\lecoefcw.dll
C:\Users\Johannes\AppData\Local\Temp\loccgs4w.dll
C:\Users\Johannes\AppData\Local\Temp\lvz5r6vx.dll
C:\Users\Johannes\AppData\Local\Temp\mtpwvnir.dll
C:\Users\Johannes\AppData\Local\Temp\mx2ynl_o.dll
C:\Users\Johannes\AppData\Local\Temp\ose00000.exe
C:\Users\Johannes\AppData\Local\Temp\ozqqte2m.dll
C:\Users\Johannes\AppData\Local\Temp\pfn5v1qm.dll
C:\Users\Johannes\AppData\Local\Temp\q8j_3zps.dll
C:\Users\Johannes\AppData\Local\Temp\qtav92jm.dll
C:\Users\Johannes\AppData\Local\Temp\qyrpczjx.dll
C:\Users\Johannes\AppData\Local\Temp\r-uuzkg7.dll
C:\Users\Johannes\AppData\Local\Temp\raoykoow.dll
C:\Users\Johannes\AppData\Local\Temp\s3pd_b8t.dll
C:\Users\Johannes\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Johannes\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Johannes\AppData\Local\Temp\siinst.exe
C:\Users\Johannes\AppData\Local\Temp\siuninst.exe
C:\Users\Johannes\AppData\Local\Temp\snfww3eq.dll
C:\Users\Johannes\AppData\Local\Temp\strings.dll
C:\Users\Johannes\AppData\Local\Temp\ticmwmrm.dll
C:\Users\Johannes\AppData\Local\Temp\tmd_34011138.exe
C:\Users\Johannes\AppData\Local\Temp\tmd_34013832.exe
C:\Users\Johannes\AppData\Local\Temp\tmd_34018253.exe
C:\Users\Johannes\AppData\Local\Temp\tv7rzvor.dll
C:\Users\Johannes\AppData\Local\Temp\ukvr85sv.dll
C:\Users\Johannes\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Johannes\AppData\Local\Temp\vt0o2ejm.dll
C:\Users\Johannes\AppData\Local\Temp\vzdoii2g.dll
C:\Users\Johannes\AppData\Local\Temp\wxblsjuf.dll
C:\Users\Johannes\AppData\Local\Temp\xqh_t9ns.dll
C:\Users\Johannes\AppData\Local\Temp\y2ejay9g.dll
C:\Users\Johannes\AppData\Local\Temp\yrrrillk.dll
C:\Users\Johannes\AppData\Local\Temp\z2qgjzwv.dll
C:\Users\Johannes\AppData\Local\Temp\_xaktzhe.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-31 20:58

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Johannes at 2015-04-07 16:30:18
Running from C:\Users\Johannes\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{F6100F13-F183-47A2-94A8-9AAC4976E228}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
ALDI Bestellsoftware 4.12.2 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.2 - ORWO Net)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.2020.106 - Alps Electric)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AquaSoft DiaShow 8 Premium (HKLM-x32\...\AquaSoft DiaShow 8 Premium) (Version: 8.5.01 - AquaSoft)
AquaSoft DiaShow 8 Premium (x32 Version: 8.5.01 - AquaSoft) Hidden
AquaSoft DiaShow 8 Ultimate (HKLM-x32\...\AquaSoft DiaShow 8 Ultimate) (Version: 8.4.02 - AquaSoft)
AquaSoft DiaShow 8 Ultimate (x32 Version: 8.4.02 - AquaSoft) Hidden
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
Ashampoo WinOptimizer 10 v.10.2.6 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.02.06 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.2 - GPL Public release.)
AvsP (HKLM-x32\...\AvsP_is1) (Version:  - )
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chromium Browser (HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Chromium) (Version: 41.0.2231.0 - Chrome)
ClipCnv (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5e9aae86}) (Version:  - Software Publisher) <==== ATTENTION
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2027.3 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2027.3 - Ihr Firmenname) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
FilmOn HDi Player 3 (HKLM-x32\...\FilmOn HDi Player) (Version: 3.1.3657 - FilmOn.TV Networks)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FoxyDeal (HKLM-x32\...\FoxyDeal) (Version: 1.1.0 - R&E Media GmbH) <==== ATTENTION
Free Video Flip and Rotate version 1.0.10.301 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.0.10.301 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GoPro Studio 2.5.1 (HKLM-x32\...\GoPro Studio) (Version: 2.5.1 - GoPro, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Guitar Pro 5.1 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version:  - )
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Iminent (x32 Version: 6.27.21.0 - Iminent) Hidden <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Music Manager (HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\MusicManager) (Version:  - Google, Inc.)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PiccShare (HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\PiccShare) (Version: 2.0 - HTTO Group Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power Tab Editor 1.7 (HKLM-x32\...\Power Tab Editor 1.7) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Ihr Firmenname)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Readiris Pro 12 (HKLM-x32\...\{B6214EA9-7BE8-4A91-B8B3-45F42F90188F}) (Version: 12.00.6209 - I.R.I.S.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
SeeSimilar (HKLM-x32\...\SeeSimilar) (Version: 1.0.0.5 - SeeSimilar.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version:  - (c) 2006-2011, Tom Thielicke IT Solutions)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Virtual DJ Home Edition - Atomix Productions (HKLM-x32\...\Virtual DJ Home Edition - Atomix Productions) (Version:  - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-89369655-3679999935-2157184473-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-03-2015 22:18:44 Geplanter Prüfpunkt
25-03-2015 16:58:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2013-05-11 17:18 - 00000889 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1        activate.adobe.com
127.0.0.1        practivate.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D70DAE2-420C-48D7-9C75-30196249A6CA} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {309F71EF-0F9E-4C45-8221-8CAA18676C56} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002Core => C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3D690F53-EF5D-46CC-BDD8-CA382BDC4A20} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-27] (Microsoft Corporation)
Task: {4371749B-8496-4B36-A111-4470C4A63FA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {478FA25E-1494-4827-81A2-5C86B79FF891} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {53A9494C-3B9A-479C-A1E1-504059C351F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {5A23BD5E-6902-4911-BB70-12B07126F371} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {65505EFD-86FC-4976-88D2-965A0D676395} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002UA => C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {7360C189-16A2-463D-81BF-5A23AA9C1E85} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {772659DD-2640-44CD-8C29-0C66620F5935} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {78025B79-999F-43C0-8D5C-6B61C025589C} - System32\Tasks\EPUpdater => C:\Users\Johannes\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {7CD5FFF9-DD8F-4B60-83DA-DAEDD826AEA1} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {86F4D659-4216-40C7-B9E5-57A9072F4996} - System32\Tasks\GoogleUpdateTaskMachineCore1cec41217e0faff => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {8F174782-6348-4DE1-99B2-27622061D910} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {915FB234-90F7-4B85-B441-016CB911CA0F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {9C80CCBA-A4E8-4866-B560-E48429F945EC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-johannes.kretzschmar@gmx.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {9D2DA7E5-626E-402C-B251-7010E92A78C5} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {A069A1BC-5910-4353-AC50-22B28F61910F} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18] (ArcSoft Inc.)
Task: {EBB21C08-6772-426A-A69B-CF56A8430338} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {F23E1FED-B96C-4D63-BC41-0BA4EDB222AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F4AC12C3-7C53-4BD3-924D-3B33BCC7D6CC} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec41217e0faff.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002Core.job => C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002UA.job => C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-17 16:45 - 2012-08-31 16:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-05-11 17:27 - 2014-03-31 21:24 - 00008192 _____ () C:\WINDOWS\SysWOW64\srvany.exe
2014-03-31 21:24 - 2014-03-31 21:24 - 00151552 _____ () C:\WINDOWS\KMService.exe
2014-10-27 17:04 - 2014-10-27 17:04 - 00028160 _____ () C:\Users\Johannes\AppData\Local\RGMService\RGMUpdater.exe
2014-02-28 13:01 - 2012-08-08 22:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-01 18:01 - 2014-12-01 18:01 - 00974848 _____ () C:\Users\Johannes\AppData\Local\RGMService\RGMLoader.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-31 17:45 - 2012-07-31 17:45 - 00384128 _____ () c:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-07-31 17:40 - 2012-07-31 17:40 - 00020992 _____ () c:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-08-22 15:04 - 2012-08-22 15:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-22 15:04 - 2012-08-22 15:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-12-01 18:01 - 2014-12-01 18:01 - 01686016 _____ () C:\Users\Johannes\AppData\Local\RGMService\RGMHost.dll
2014-12-01 18:01 - 2014-12-01 18:01 - 02745856 _____ () C:\Users\Johannes\AppData\Local\RGMService\MonetizationToolsManager.dll
2014-12-01 18:02 - 2014-12-01 18:02 - 01592832 _____ () C:\Users\Johannes\AppData\Local\RGMService\ProtectorsManager.dll
2014-09-03 21:15 - 2014-09-03 21:15 - 10683392 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 21:15 - 2014-09-03 21:15 - 07741952 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 21:15 - 2014-09-03 21:15 - 01681408 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-09-03 21:15 - 2014-09-03 21:15 - 02248192 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-11-13 20:57 - 2014-11-13 20:57 - 00117248 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-11-13 20:57 - 2014-11-13 20:57 - 00231936 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-11-13 20:57 - 2014-11-13 20:57 - 00253440 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-11-13 20:57 - 2014-11-13 20:57 - 00344064 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 21:15 - 2014-09-03 21:15 - 00026624 _____ () C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-10-09 00:22 - 2014-10-09 00:22 - 01795584 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\GPSDKAnalyticsNet.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00750080 _____ () C:\Users\Johannes\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-04-07 16:24 - 2015-04-07 16:24 - 00043008 _____ () c:\users\johannes\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuxmb_i.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00047616 _____ () C:\Users\Johannes\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00865280 _____ () C:\Users\Johannes\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 00:07 - 2015-03-05 00:07 - 00200704 _____ () C:\Users\Johannes\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-07 16:23 - 2015-04-07 16:23 - 00098816 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32api.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00110080 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\pywintypes27.dll
2015-04-07 16:23 - 2015-04-07 16:23 - 00364544 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\pythoncom27.dll
2015-04-07 16:23 - 2015-04-07 16:23 - 00045568 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\_socket.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 01160704 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\_ssl.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00320512 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32com.shell.shell.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00713216 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\_hashlib.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 01175040 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._core_.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00805888 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._gdi_.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00811008 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._windows_.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 01062400 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._controls_.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00735232 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._misc_.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00128512 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\_elementtree.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00127488 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\pyexpat.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00557056 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\pysqlite2._sqlite.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00087552 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\_ctypes.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00119808 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32file.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00108544 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32security.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00007168 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\hashobjs_ext.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00167936 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32gui.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00018432 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32event.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00038912 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32inet.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00011264 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32crypt.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00070656 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._html2.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00027136 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\_multiprocessing.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00035840 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32process.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00686080 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\unicodedata.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00122368 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._wizard.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00024064 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32pipe.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00025600 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32pdh.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00525640 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\windows._lib_cacheinvalidation.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00010240 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\select.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00017408 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32profile.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00022528 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\win32ts.pyd
2015-04-07 16:23 - 2015-04-07 16:23 - 00078336 _____ () C:\Users\Johannes\AppData\Local\Temp\_MEI34282\wx._animate.pyd
2014-12-09 22:55 - 2014-12-01 07:48 - 01409536 _____ () C:\Users\Johannes\AppData\Local\Chrome\Application\41.0.2231.0\libglesv2.dll
2014-12-09 22:55 - 2014-12-01 07:48 - 00223744 _____ () C:\Users\Johannes\AppData\Local\Chrome\Application\41.0.2231.0\libegl.dll
2014-12-09 22:55 - 2014-12-01 07:48 - 09528320 _____ () C:\Users\Johannes\AppData\Local\Chrome\Application\41.0.2231.0\pdf.dll
2012-09-12 19:05 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Johannes\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Johannes\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Johannes\Pictures\Eigene Bilder\2014_Moskau\DSCN5308.JPG
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LManager"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\StartupApproved\Run: => "AdobeBridge"

==================== Accounts: =============================

Administrator (S-1-5-21-89369655-3679999935-2157184473-500 - Administrator - Disabled)
Gast (S-1-5-21-89369655-3679999935-2157184473-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-89369655-3679999935-2157184473-1007 - Limited - Enabled)
Johannes (S-1-5-21-89369655-3679999935-2157184473-1002 - Administrator - Enabled) => C:\Users\Johannes
UpdatusUser (S-1-5-21-89369655-3679999935-2157184473-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2015 04:22:20 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/07/2015 03:08:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Bei der Aktivierung der App „Facebook.Facebook_8xx8rvfyw5nnt!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/07/2015 03:07:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ffc

Startzeit: 01d07133229cf0ba

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 16ffe1f4-dd27-11e4-83fc-20689d450095

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/07/2015 03:01:45 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/07/2015 02:58:18 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\UIRibbon.dll" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Windows-Explorer wurde wegen dieses Fehlers geschlossen.

Programm: Windows-Explorer
Datei: C:\Windows\System32\UIRibbon.dll

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000009C
Datenträgertyp: 3

Error: (04/07/2015 02:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: UIRibbon.dll, Version: 6.3.9600.17415, Zeitstempel: 0x545050dd
Ausnahmecode: 0xc0000006
Fehleroffset: 0x000000000008e0f0
ID des fehlerhaften Prozesses: 0xb7c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (04/07/2015 02:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Bei der Aktivierung der App „Facebook.Facebook_8xx8rvfyw5nnt!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/07/2015 02:35:12 PM) (Source: MsiInstaller) (EventID: 11925) (User: JOHANNES-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.

Error: (03/31/2015 11:04:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/31/2015 11:04:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (04/07/2015 03:42:53 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:42:28 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:42:23 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:42:00 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:41:53 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:41:48 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:41:38 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:41:30 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:41:08 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (04/07/2015 03:41:04 PM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (04/07/2015 04:22:20 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/07/2015 03:08:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Facebook.Facebook_8xx8rvfyw5nnt!App-2144927142

Error: (04/07/2015 03:07:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689ffc01d07133229cf0ba4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe16ffe1f4-dd27-11e4-83fc-20689d450095microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/07/2015 03:01:45 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
  bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)

Error: (04/07/2015 02:58:18 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\UIRibbon.dllWindows-ExplorerC000009C3

Error: (04/07/2015 02:58:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2UIRibbon.dll6.3.9600.17415545050ddc0000006000000000008e0f0b7c01d0712eda65c63cC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\UIRibbon.dllc2a99054-dd25-11e4-83fb-20689d450095

Error: (04/07/2015 02:45:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Facebook.Facebook_8xx8rvfyw5nnt!App-2144927142

Error: (04/07/2015 02:35:12 PM) (Source: MsiInstaller) (EventID: 11925) (User: JOHANNES-PC)
Description: Produkt: Microsoft Visual C++ 2005 Redistributable -- Error 1925.Sie besitzen keine ausreichenden Berechtigungen, um diese Installation für alle Benutzer dieses Computers auszuführen. Melden Sie sich als Administrator an, und wiederholen Sie diese Installation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/31/2015 11:04:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (03/31/2015 11:04:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHANNES-PC)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 5962.27 MB
Available physical RAM: 3825.97 MB
Total Pagefile: 12106.27 MB
Available Pagefile: 9680.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:677.98 GB) (Free:396.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 7879DAF3)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 08.04.2015 06:15
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    ClipCnv

    FoxyDeal

    Iminent

    Your Software Deals 1.0.0


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Johannes K 08.04.2015 10:54
Hi,
Also das deinstallieren der Programme hat funktioniert. Jedoch gab es das Programm Iminent nicht auf meinem Computer.

Combifix könnte ich nicht installieren weil mein Betriebssystem anscheinend nicht unterstützt wird... Obwohl ich Windows 8 habe... Das Programm hat mir gesagt Windows 2000 wird nicht unterstützt.

Gruß
Johannes

Ich habe gerade geschaut ...vermutlich liegt es daran, dass ich Windows 8.1 habe. Das wird von Combifix nicht unterstützt.
Gibt es da eine Möglichkeit das zu umgehen?

schrauber 08.04.2015 17:52
mein Fehler :)


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Johannes K 09.04.2015 17:18
Okay hab alles gemacht:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 09.04.2015 13:10:07, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Starting,
Protection, 09.04.2015 13:10:07, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Started,
Protection, 09.04.2015 13:10:07, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2015 13:10:07, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Started,
Update, 09.04.2015 13:10:23, SYSTEM, JOHANNES-PC, Manual, Rootkit Database, 2015.2.25.1, 2015.3.31.1,
Update, 09.04.2015 13:10:26, SYSTEM, JOHANNES-PC, Manual, Remediation Database, 2015.3.9.1, 2015.4.6.2,
Update, 09.04.2015 13:11:06, SYSTEM, JOHANNES-PC, Manual, Malware Database, 2015.3.9.5, 2015.4.9.4,
Protection, 09.04.2015 13:11:06, SYSTEM, JOHANNES-PC, Protection, Refresh, Starting,
Protection, 09.04.2015 13:11:06, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Stopping,
Protection, 09.04.2015 13:11:06, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Stopped,
Protection, 09.04.2015 13:11:11, SYSTEM, JOHANNES-PC, Protection, Refresh, Success,
Protection, 09.04.2015 13:11:11, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2015 13:11:11, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Started,
Detection, 09.04.2015 14:48:26, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.DataMgr.A, C:\Users\Johannes\AppData\Roaming\DataMgr\DataMgr.exe, Quarantäne, [2d5b77f3d9b1f83e843d6959e2213fc1]
Detection, 09.04.2015 14:48:30, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.DataMgr.A, c:\users\johannes\appdata\roaming\datamgr\datamgr.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [2d5b77f3d9b1f83e843d6959e2213fc1]
Detection, 09.04.2015 14:48:41, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.DataMgr.A, c:\users\johannes\appdata\roaming\datamgr\datamgr.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [2d5b77f3d9b1f83e843d6959e2213fc1]
Detection, 09.04.2015 14:48:49, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.DataMgr.A, c:\users\johannes\appdata\roaming\datamgr\datamgr.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [2d5b77f3d9b1f83e843d6959e2213fc1]
Protection, 09.04.2015 14:50:59, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Starting,
Protection, 09.04.2015 14:50:59, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Started,
Protection, 09.04.2015 14:50:59, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2015 14:52:12, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Started,
Detection, 09.04.2015 14:58:32, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, IP, 62.219.81.123, static.app.widdit.com, 49534, Outbound, C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe,
Detection, 09.04.2015 14:58:32, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, IP, 62.219.81.123, static.app.widdit.com, 49534, Outbound, C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe,
Detection, 09.04.2015 14:58:32, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, IP, 62.219.81.123, static.app.widdit.com, 49535, Outbound, C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe,
Update, 09.04.2015 15:24:39, SYSTEM, JOHANNES-PC, Scheduler, Malware Database, 2015.4.9.4, 2015.4.9.5,
Protection, 09.04.2015 15:24:39, SYSTEM, JOHANNES-PC, Protection, Refresh, Starting,
Protection, 09.04.2015 15:24:39, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Stopping,
Protection, 09.04.2015 15:24:40, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Stopped,
Protection, 09.04.2015 15:29:10, SYSTEM, JOHANNES-PC, Protection, Refresh, Success,
Protection, 09.04.2015 15:29:10, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2015 15:29:10, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Started,
Detection, 09.04.2015 16:49:35, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.BestToolBars.A, C:\Program Files (x86)\SeeSimilar\ScriptHost.dll, Quarantäne, [bbce2b3f6921f83e4f12d455e41ef30d]
Detection, 09.04.2015 16:49:38, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.SeeSimilar.A, C:\Program Files (x86)\SeeSimilar\BackgroundHost.exe, Quarantäne, [85041456aedcd066e18f664fb1528c74]
Detection, 09.04.2015 16:49:45, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.PiccShare.A, C:\Users\Johannes\AppData\Local\ext_piccshare\ext_piccshare.dll, Quarantäne, [83063f2bb4d6ac8a74a7900deb18f010]
Detection, 09.04.2015 16:49:52, SYSTEM, JOHANNES-PC, Protection, Malwareschutz, Datei, PUP.Optional.SeeSimilar.A, c:\program files (x86)\seesimilar\backgroundhost.exe, Quarantine Failed, 2, Das System kann die angegebene Datei nicht finden.  , [85041456aedcd066e18f664fb1528c74]
Protection, 09.04.2015 16:54:13, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Starting,
Protection, 09.04.2015 16:54:14, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Started,
Protection, 09.04.2015 16:54:14, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2015 16:55:29, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Started,
Detection, 09.04.2015 17:06:13, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, IP, 62.219.81.123, static.app.widdit.com, 49251, Outbound, C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe,
Detection, 09.04.2015 17:06:13, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, IP, 62.219.81.123, static.app.widdit.com, 49251, Outbound, C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe,
Detection, 09.04.2015 17:06:13, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, IP, 62.219.81.123, static.app.widdit.com, 49254, Outbound, C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe,
Protection, 09.04.2015 17:18:30, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Starting,
Protection, 09.04.2015 17:18:30, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Started,
Protection, 09.04.2015 17:18:30, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2015 17:20:16, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Started,
Protection, 09.04.2015 18:11:10, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Starting,
Protection, 09.04.2015 18:11:10, SYSTEM, JOHANNES-PC, Protection, Malware Protection, Started,
Protection, 09.04.2015 18:11:10, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.04.2015 18:11:10, SYSTEM, JOHANNES-PC, Protection, Malicious Website Protection, Started,

(end)
Code:
# AdwCleaner v4.201 - Bericht erstellt 09/04/2015 um 18:13:29
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Johannes - JOHANNES-PC
# Gestarted von : C:\Users\Johannes\Downloads\AdwCleaner_4.201.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 de)


*************************

AdwCleaner[R0].txt - [52560 Bytes] - [09/04/2015 17:09:54]
AdwCleaner[R1].txt - [702 Bytes] - [09/04/2015 18:13:29]
AdwCleaner[S0].txt - [50237 Bytes] - [09/04/2015 17:16:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [820 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by Johannes on 09.04.2015 at 17:22:40,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"



~~~ FireFox

Successfully deleted: [File] C:\Users\Johannes\AppData\Roaming\mozilla\firefox\profiles\udgs4pa7.default\extensions\ff_v0.6@piccshare.com.xpi



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.04.2015 at 17:28:13,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Johannes (administrator) on JOHANNES-PC on 09-04-2015 18:16:52
Running from C:\Users\Johannes\Downloads
Loaded Profiles: Johannes (Available profiles: UpdatusUser & Johannes & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Users\Johannes\Downloads\AdwCleaner_4.201.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [650648 2012-07-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-22] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Google Update] => "C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [MusicManager] => C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Spotify Web Helper] => C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-04-08] (Spotify Ltd)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\MountPoints2: {90d4c22a-4f94-11e3-bfe1-20689d450095} - "E:\SISetup.exe"
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DREAMA~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC221hEXM3h432EbOVjSYL8wo5kYPbuighSMtZydsJ9IPqC8tdV9Xvg8cpgK5UIGUwB8OqttP_AiZBxgeV3t5Yzg7Xlh3nMiqg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1002 -> {7716859D-5137-4A19-93F9-101D9A9FD28B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default
FF SelectedSearchEngine: Search
FF DefaultSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-04] ()
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\search_the_web.xml [2013-08-30]
FF Extension: FavGenius - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\fg@favgenius.com.xpi [2015-03-30]
FF Extension: Simple New Tab - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\snt@simplenewtab.com.xpi [2014-12-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Johannes\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\Johannes\AppData\Roaming\SeeSimilar\SeeSimilar.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2014-03-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-12] (Dritek System INC.)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-12] (Dritek System Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-22] (Duplex Secure Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 17:28 - 2015-04-09 17:28 - 00000897 _____ () C:\Users\Johannes\Desktop\JRT.txt
2015-04-09 17:22 - 2015-04-09 17:22 - 02686959 _____ (Thisisu) C:\Users\Johannes\Downloads\JRT.exe
2015-04-09 17:22 - 2015-04-09 17:22 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-JOHANNES-PC-Windows-8.1-(64-bit).dat
2015-04-09 17:22 - 2015-04-09 17:22 - 00000000 ____D () C:\RegBackup
2015-04-09 17:09 - 2015-04-09 18:14 - 00000000 ____D () C:\AdwCleaner
2015-04-09 17:09 - 2015-04-09 17:09 - 02217984 _____ () C:\Users\Johannes\Downloads\AdwCleaner_4.201.exe
2015-04-09 17:08 - 2015-04-09 17:08 - 00006211 _____ () C:\mbam.txt
2015-04-09 17:07 - 2015-04-09 17:07 - 00006211 _____ () C:\Malware.txt
2015-04-09 16:53 - 2015-04-09 16:53 - 00292408 _____ () C:\WINDOWS\Minidump\040915-29296-01.dmp
2015-04-09 14:50 - 2015-04-09 14:50 - 00293176 _____ () C:\WINDOWS\Minidump\040915-31546-01.dmp
2015-04-09 13:10 - 2015-04-09 18:15 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 13:09 - 2015-04-09 13:09 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-09 13:09 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-09 13:09 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-09 13:09 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-09 13:06 - 2015-04-09 13:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Johannes\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-08 12:08 - 2015-04-08 12:08 - 00001873 _____ () C:\Users\Johannes\Desktop\Spotify.lnk
2015-04-08 12:08 - 2015-04-08 12:08 - 00001859 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 11:51 - 2015-04-08 11:51 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (3).exe
2015-04-08 11:29 - 2015-04-08 11:30 - 00292408 _____ () C:\WINDOWS\Minidump\040815-31359-01.dmp
2015-04-08 11:27 - 2015-04-08 11:27 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (2).exe
2015-04-08 11:26 - 2015-04-08 11:27 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (1).exe
2015-04-08 11:25 - 2015-04-08 11:26 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix.exe
2015-04-08 11:12 - 2015-04-08 11:12 - 00001284 _____ () C:\Users\Johannes\Desktop\Revo Uninstaller.lnk
2015-04-08 11:12 - 2015-04-08 11:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-08 11:11 - 2015-04-08 11:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johannes\Downloads\revosetup95.exe
2015-04-07 23:53 - 2015-04-07 23:53 - 00292696 _____ () C:\WINDOWS\Minidump\040715-29765-01.dmp
2015-04-07 16:30 - 2015-04-07 16:30 - 00047508 _____ () C:\Users\Johannes\Downloads\Addition.txt
2015-04-07 16:28 - 2015-04-09 18:16 - 00022240 _____ () C:\Users\Johannes\Downloads\FRST.txt
2015-04-07 16:28 - 2015-04-09 18:16 - 00000000 ____D () C:\FRST
2015-04-07 16:26 - 2015-04-07 16:26 - 02095616 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2015-04-07 15:00 - 2015-04-07 15:01 - 00293560 _____ () C:\WINDOWS\Minidump\040715-51875-01.dmp
2015-03-31 23:08 - 2015-03-31 23:09 - 00292792 _____ () C:\WINDOWS\Minidump\033115-24984-01.dmp
2015-03-31 22:42 - 2015-03-31 22:43 - 00293656 _____ () C:\WINDOWS\Minidump\033115-26984-01.dmp
2015-03-31 22:03 - 2015-03-31 22:03 - 00292792 _____ () C:\WINDOWS\Minidump\033115-26515-01.dmp
2015-03-31 20:21 - 2015-03-31 20:22 - 00292696 _____ () C:\WINDOWS\Minidump\033115-151375-01.dmp
2015-03-31 20:17 - 2015-03-31 20:17 - 00000000 __SHD () C:\found.000
2015-03-31 13:29 - 2015-03-31 13:30 - 00295576 _____ () C:\WINDOWS\Minidump\033115-24859-01.dmp
2015-03-31 12:31 - 2015-03-31 13:27 - 00023964 _____ () C:\Users\Johannes\Documents\untitled_AutoSave.gcs
2015-03-29 22:47 - 2015-03-29 22:47 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-29 22:47 - 2015-03-29 22:47 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-29 22:47 - 2015-03-29 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 22:44 - 2015-03-29 22:44 - 00243648 _____ () C:\Users\Johannes\Downloads\Firefox Setup Stub 36.0.4.exe
2015-03-25 16:36 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-24 01:05 - 2015-03-24 01:05 - 00735304 _____ () C:\WINDOWS\Minidump\032415-19578-01.dmp
2015-03-22 12:23 - 2015-03-22 14:33 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\GoPro
2015-03-22 12:22 - 2015-03-22 18:48 - 00000000 ____D () C:\Users\Public\CineForm
2015-03-22 12:22 - 2015-03-22 12:22 - 00001128 _____ () C:\Users\Johannes\Desktop\GoPro Studio.lnk
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Users\Johannes\AppData\Local\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\CineForm
2015-03-22 12:17 - 2015-03-22 12:22 - 00002272 _____ () C:\WINDOWS\DPINST.LOG
2015-03-22 12:17 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-03-22 11:59 - 2015-03-22 11:59 - 01203488 _____ () C:\Users\Johannes\Downloads\GoPro Studio - CHIP-Installer.exe
2015-03-17 21:29 - 2015-03-17 21:29 - 00001516 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2015-03-17 21:25 - 2015-03-17 21:25 - 01203488 _____ () C:\Users\Johannes\Downloads\Free Video Flip and Rotate - CHIP-Installer.exe
2015-03-12 18:04 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-12 18:04 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-12 18:04 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-12 18:04 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-12 18:04 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-12 18:04 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-12 18:04 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-12 18:04 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-12 18:04 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-12 18:04 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-12 18:03 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-12 18:03 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-12 18:03 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-12 18:03 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-12 18:03 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-12 18:03 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-12 18:03 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-12 18:03 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-12 18:03 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-12 18:03 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-12 18:03 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-12 18:03 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-12 18:03 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-12 18:03 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-12 18:03 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-12 18:03 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-12 18:03 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-12 18:03 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-12 18:03 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-12 18:03 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-12 18:03 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-12 18:03 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-12 18:03 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-12 18:03 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-12 18:03 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-12 18:03 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-12 18:03 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:03 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-12 18:03 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-12 18:03 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:03 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-12 18:03 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-12 18:03 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-12 18:03 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-12 18:03 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-12 18:03 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-12 18:03 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-12 18:03 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-12 18:03 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-12 17:34 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-12 17:34 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-12 17:34 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-12 17:34 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-12 17:34 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-12 17:34 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-12 17:34 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-12 17:34 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-12 17:34 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-12 17:34 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-12 17:34 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-12 17:34 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-12 17:34 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-12 17:32 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-12 17:32 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-12 17:32 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-12 17:32 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-12 17:32 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-12 17:32 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-12 17:32 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-12 17:32 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-12 17:32 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-12 17:32 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-12 17:32 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-12 17:32 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-12 17:32 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-12 17:32 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-12 17:32 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-12 17:32 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-12 17:32 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-12 17:32 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-12 17:32 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-12 17:32 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-12 17:32 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-12 17:32 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-12 17:32 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-12 17:32 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-12 17:32 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-12 17:32 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-12 17:32 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-12 17:32 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-12 17:32 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-12 17:32 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-12 17:32 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-12 17:32 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-12 17:32 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-12 17:32 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-12 17:32 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-12 17:32 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-12 17:32 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-12 17:31 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-12 17:31 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-12 17:31 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-12 17:31 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-12 17:31 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-12 17:31 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-12 17:30 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-12 17:30 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 18:15 - 2014-07-26 17:59 - 00001156 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002UA.job
2015-04-09 18:12 - 2013-05-03 17:24 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 18:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-09 17:41 - 2013-10-22 15:47 - 01603946 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-09 17:34 - 2013-12-26 21:20 - 00000000 ___DO () C:\Users\Johannes\SkyDrive
2015-04-09 17:33 - 2013-05-03 17:11 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-89369655-3679999935-2157184473-1002
2015-04-09 17:22 - 2014-03-15 12:18 - 00000000 ___RD () C:\Users\Johannes\Dropbox
2015-04-09 17:22 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Dropbox
2015-04-09 17:22 - 2013-05-14 21:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-09 17:21 - 2014-04-26 20:37 - 00000000 ___RD () C:\Users\Johannes\Google Drive
2015-04-09 17:20 - 2014-12-09 22:57 - 00001384 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-04-09 17:20 - 2014-12-09 22:55 - 00001359 _____ () C:\Users\Johannes\Desktop\Chrome.lnk
2015-04-09 17:18 - 2013-10-08 12:35 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec41217e0faff.job
2015-04-09 17:17 - 2013-12-11 23:05 - 00036909 _____ () C:\WINDOWS\setupact.log
2015-04-09 17:17 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-09 17:16 - 2014-09-25 15:06 - 00001066 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-09 17:16 - 2013-07-28 16:44 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Common
2015-04-09 16:53 - 2013-10-27 13:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-09 16:53 - 2013-04-03 10:30 - 696524741 _____ () C:\WINDOWS\MEMORY.DMP
2015-04-09 14:54 - 2013-10-22 15:23 - 00000000 ____D () C:\Users\Johannes
2015-04-09 14:50 - 2013-12-26 19:26 - 00273964 _____ () C:\WINDOWS\PFRO.log
2015-04-09 13:08 - 2013-05-11 17:05 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Adobe
2015-04-09 13:07 - 2013-10-28 21:23 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{965EBEB5-AFC7-45A7-A256-B0D90091556D}
2015-04-09 13:03 - 2014-08-18 13:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 13:03 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 13:02 - 2013-06-09 21:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 13:34 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-08 12:21 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Spotify
2015-04-08 12:08 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Spotify
2015-04-08 11:50 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-08 11:50 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-08 11:50 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-08 11:22 - 2013-12-09 18:51 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-04-08 11:15 - 2014-07-26 17:59 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002Core.job
2015-04-08 11:05 - 2014-03-15 12:18 - 00001083 _____ () C:\Users\Johannes\Desktop\Dropbox.lnk
2015-04-08 11:05 - 2014-03-14 22:21 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-07 15:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-07 14:47 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-07 14:46 - 2013-06-09 21:10 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Avira
2015-04-07 14:45 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 13:23 - 2012-08-02 13:37 - 00000000 ____D () C:\ProgramData\Temp
2015-03-29 22:47 - 2013-09-13 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-29 22:47 - 2013-05-14 20:57 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Mozilla
2015-03-29 16:08 - 2014-10-08 22:58 - 00015174 _____ () C:\Users\Johannes\Documents\Lohn Oktober.xlsx
2015-03-29 16:04 - 2014-10-08 22:38 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Deployment
2015-03-29 15:48 - 2013-05-10 16:45 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\vlc
2015-03-27 18:31 - 2013-08-22 16:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-27 18:25 - 2013-05-05 00:59 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-25 17:26 - 2014-12-10 20:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-25 17:26 - 2014-07-10 17:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-17 21:29 - 2015-02-06 16:56 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-17 21:29 - 2013-05-07 22:47 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
2015-03-16 21:58 - 2013-05-04 11:39 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Apple Computer
2015-03-16 19:32 - 2013-12-26 19:13 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-15 17:46 - 2013-05-04 11:27 - 00000000 ____D () C:\Users\Johannes\Documents\CyberLink
2015-03-14 21:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-14 12:35 - 2013-08-22 16:44 - 05112832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-14 00:15 - 2013-05-11 16:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 00:14 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-03-13 21:47 - 2013-05-10 16:44 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-13 21:47 - 2013-05-10 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-10 16:49 - 2013-06-09 21:04 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-03-10 16:49 - 2013-06-09 21:04 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-03-10 16:49 - 2013-06-09 21:04 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys

==================== Files in the root of some directories =======

2013-10-07 22:19 - 2013-10-07 22:19 - 5082084 _____ (The Public) C:\Users\Johannes\AppData\Roaming\Avisynth.exe
2013-10-07 22:19 - 2013-10-07 22:20 - 5243208 _____ (                                                            ) C:\Users\Johannes\AppData\Roaming\AvsP.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 5514668 _____ (LIGHTNING UK!) C:\Users\Johannes\AppData\Roaming\Imgburn.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 1357348 _____ () C:\Users\Johannes\AppData\Roaming\MatroskaSplitter.exe
2013-10-07 22:20 - 2013-10-07 22:20 - 7760687 _____ (Boraxsoft) C:\Users\Johannes\AppData\Roaming\SetupGFD.exe
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\SystemConfiguration
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Tables
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Techno Kit
2013-10-07 22:19 - 2013-10-07 22:19 - 0117723 _____ () C:\Users\Johannes\AppData\Roaming\yuvcodecs-1.3.exe
2013-08-19 19:07 - 2015-03-04 17:52 - 0012800 _____ () C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 15:48 - 2014-05-14 20:00 - 0000080 _____ () C:\Users\Johannes\AppData\Local\X-Plane Installer.prf
2013-05-11 12:18 - 2014-05-14 20:03 - 0000073 _____ () C:\Users\Johannes\AppData\Local\X-Plane_drm.prf
2013-05-11 12:19 - 2014-04-26 18:50 - 0000245 _____ () C:\Users\Johannes\AppData\Local\x-plane_install_10.txt
2012-09-12 19:08 - 2012-09-12 19:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-30 13:37 - 2013-12-30 13:45 - 0000303 _____ () C:\ProgramData\hpzinstall.log
2013-05-03 19:14 - 2013-05-03 19:14 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-05-03 19:14 - 2014-11-19 23:43 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-05-03 19:14 - 2014-11-06 22:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Textures
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Themes
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Track Settings

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\22kaxvks.dll
C:\Users\Johannes\AppData\Local\Temp\2bfge5eo.dll
C:\Users\Johannes\AppData\Local\Temp\6gofsl67.dll
C:\Users\Johannes\AppData\Local\Temp\a3onmuml.dll
C:\Users\Johannes\AppData\Local\Temp\AutoRun.exe
C:\Users\Johannes\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\b6zeu71a.dll
C:\Users\Johannes\AppData\Local\Temp\cxoyhhlj.dll
C:\Users\Johannes\AppData\Local\Temp\cz0_zyus.dll
C:\Users\Johannes\AppData\Local\Temp\dbwk4i1y.dll
C:\Users\Johannes\AppData\Local\Temp\dhckg-lj.dll
C:\Users\Johannes\AppData\Local\Temp\dlfkctko.dll
C:\Users\Johannes\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4cilep.dll
C:\Users\Johannes\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Johannes\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Johannes\AppData\Local\Temp\e57co--u.dll
C:\Users\Johannes\AppData\Local\Temp\e91tohsu.dll
C:\Users\Johannes\AppData\Local\Temp\fe7qt9oi.dll
C:\Users\Johannes\AppData\Local\Temp\fo-l87go.dll
C:\Users\Johannes\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Johannes\AppData\Local\Temp\fztctfuz.dll
C:\Users\Johannes\AppData\Local\Temp\gk0msjmv.dll
C:\Users\Johannes\AppData\Local\Temp\gwoudkdh.dll
C:\Users\Johannes\AppData\Local\Temp\g_vvqi0j.dll
C:\Users\Johannes\AppData\Local\Temp\h9q_apes.dll
C:\Users\Johannes\AppData\Local\Temp\htsiki1c.dll
C:\Users\Johannes\AppData\Local\Temp\idkdfqzq.dll
C:\Users\Johannes\AppData\Local\Temp\Installer_Windows.exe
C:\Users\Johannes\AppData\Local\Temp\jm7nk1bz.dll
C:\Users\Johannes\AppData\Local\Temp\jr1f5vlj.dll
C:\Users\Johannes\AppData\Local\Temp\k-w5yhk7.dll
C:\Users\Johannes\AppData\Local\Temp\kgq1a-ge.dll
C:\Users\Johannes\AppData\Local\Temp\kpobcyc7.dll
C:\Users\Johannes\AppData\Local\Temp\krs04jpi.dll
C:\Users\Johannes\AppData\Local\Temp\lecoefcw.dll
C:\Users\Johannes\AppData\Local\Temp\loccgs4w.dll
C:\Users\Johannes\AppData\Local\Temp\lvz5r6vx.dll
C:\Users\Johannes\AppData\Local\Temp\mtpwvnir.dll
C:\Users\Johannes\AppData\Local\Temp\mx2ynl_o.dll
C:\Users\Johannes\AppData\Local\Temp\ose00000.exe
C:\Users\Johannes\AppData\Local\Temp\ozqqte2m.dll
C:\Users\Johannes\AppData\Local\Temp\pfn5v1qm.dll
C:\Users\Johannes\AppData\Local\Temp\q8j_3zps.dll
C:\Users\Johannes\AppData\Local\Temp\qtav92jm.dll
C:\Users\Johannes\AppData\Local\Temp\Quarantine.exe
C:\Users\Johannes\AppData\Local\Temp\qyrpczjx.dll
C:\Users\Johannes\AppData\Local\Temp\r-uuzkg7.dll
C:\Users\Johannes\AppData\Local\Temp\raoykoow.dll
C:\Users\Johannes\AppData\Local\Temp\s3pd_b8t.dll
C:\Users\Johannes\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Johannes\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Johannes\AppData\Local\Temp\siinst.exe
C:\Users\Johannes\AppData\Local\Temp\siuninst.exe
C:\Users\Johannes\AppData\Local\Temp\snfww3eq.dll
C:\Users\Johannes\AppData\Local\Temp\sqlite3.dll
C:\Users\Johannes\AppData\Local\Temp\strings.dll
C:\Users\Johannes\AppData\Local\Temp\ticmwmrm.dll
C:\Users\Johannes\AppData\Local\Temp\tmd_34011138.exe
C:\Users\Johannes\AppData\Local\Temp\tmd_34013832.exe
C:\Users\Johannes\AppData\Local\Temp\tmd_34018253.exe
C:\Users\Johannes\AppData\Local\Temp\tv7rzvor.dll
C:\Users\Johannes\AppData\Local\Temp\ukvr85sv.dll
C:\Users\Johannes\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Johannes\AppData\Local\Temp\vt0o2ejm.dll
C:\Users\Johannes\AppData\Local\Temp\vzdoii2g.dll
C:\Users\Johannes\AppData\Local\Temp\wxblsjuf.dll
C:\Users\Johannes\AppData\Local\Temp\xqh_t9ns.dll
C:\Users\Johannes\AppData\Local\Temp\y2ejay9g.dll
C:\Users\Johannes\AppData\Local\Temp\yrrrillk.dll
C:\Users\Johannes\AppData\Local\Temp\z2qgjzwv.dll
C:\Users\Johannes\AppData\Local\Temp\_xaktzhe.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-09 17:35

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 10.04.2015 07:45

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Johannes K 11.04.2015 14:08
Liste der Anhänge anzeigen (Anzahl: 1)
Der Eset scan hat 3,5 Stunden gebraucht und leider kann ich meinen Explorer nicht öffnen weil dann mein PC immer abstürzt deswegen der log als Anhang.

und hier vom Security check:
Code:
Results of screen317's Security Check version 1.00 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus   
Windows Defender 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player        16.0.0.305 Flash Player out of Date! 
 Mozilla Firefox 36.0.4 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Johannes K 11.04.2015 14:59
Hier noch das FRST log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Johannes (administrator) on JOHANNES-PC on 11-04-2015 15:57:55
Running from C:\Users\Johannes\Downloads
Loaded Profiles: UpdatusUser & Johannes (Available profiles: UpdatusUser & Johannes & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Dropbox, Inc.) C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [650648 2012-07-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-22] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Google Update] => "C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [MusicManager] => C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Spotify Web Helper] => C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-04-08] (Spotify Ltd)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\MountPoints2: {90d4c22a-4f94-11e3-bfe1-20689d450095} - "E:\SISetup.exe"
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DREAMA~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC221hEXM3h432EbOVjSYL8wo5kYPbuighSMtZydsJ9IPqC8tdV9Xvg8cpgK5UIGUwB8OqttP_AiZBxgeV3t5Yzg7Xlh3nMiqg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC221hEXM3h432EbOVjSYL8wo5kYPbuighSMtZydsJ9IPqC8tdV9Xvg8cpgK5UIGUwB8OqttP_AiZBxgeV3t5Yzg7Xlh3nMiqg,,
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1002 -> {7716859D-5137-4A19-93F9-101D9A9FD28B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default
FF SelectedSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-04] ()
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\search_the_web.xml [2013-08-30]
FF Extension: FavGenius - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\fg@favgenius.com.xpi [2015-03-30]
FF Extension: Simple New Tab - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\snt@simplenewtab.com.xpi [2014-12-24]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Johannes\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\Johannes\AppData\Roaming\SeeSimilar\SeeSimilar.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2014-03-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-12] (Dritek System INC.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-12] (Dritek System Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-22] (Duplex Secure Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 15:10 - 2015-04-11 15:11 - 00293656 _____ () C:\WINDOWS\Minidump\041115-26328-01.dmp
2015-04-11 15:04 - 2015-04-11 15:04 - 00852616 _____ () C:\Users\Johannes\Downloads\SecurityCheck.exe
2015-04-11 00:39 - 2015-04-11 00:39 - 02347384 _____ (ESET) C:\Users\Johannes\Downloads\esetsmartinstaller_deu (1).exe
2015-04-10 23:01 - 2015-04-10 23:02 - 00291632 _____ () C:\WINDOWS\Minidump\041015-38953-01.dmp
2015-04-10 22:35 - 2015-04-10 22:35 - 00291152 _____ () C:\WINDOWS\Minidump\041015-37859-01.dmp
2015-04-10 22:00 - 2015-04-10 22:00 - 00291224 _____ () C:\WINDOWS\Minidump\041015-141421-01.dmp
2015-04-10 18:50 - 2015-04-10 18:51 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-10 18:50 - 2015-04-10 18:50 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-10 18:34 - 2015-04-10 18:34 - 00293368 _____ () C:\WINDOWS\Minidump\041015-24359-01.dmp
2015-04-10 15:36 - 2015-04-10 15:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-10 15:35 - 2015-04-10 15:35 - 02347384 _____ (ESET) C:\Users\Johannes\Downloads\esetsmartinstaller_deu.exe
2015-04-10 15:30 - 2015-04-10 15:30 - 00293176 _____ () C:\WINDOWS\Minidump\041015-29406-01.dmp
2015-04-09 18:23 - 2015-04-09 18:23 - 00293368 _____ () C:\WINDOWS\Minidump\040915-25359-01.dmp
2015-04-09 17:28 - 2015-04-09 17:28 - 00000897 _____ () C:\Users\Johannes\Desktop\JRT.txt
2015-04-09 17:22 - 2015-04-09 17:22 - 02686959 _____ (Thisisu) C:\Users\Johannes\Downloads\JRT.exe
2015-04-09 17:22 - 2015-04-09 17:22 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-JOHANNES-PC-Windows-8.1-(64-bit).dat
2015-04-09 17:22 - 2015-04-09 17:22 - 00000000 ____D () C:\RegBackup
2015-04-09 17:09 - 2015-04-09 18:14 - 00000000 ____D () C:\AdwCleaner
2015-04-09 17:09 - 2015-04-09 17:09 - 02217984 _____ () C:\Users\Johannes\Downloads\AdwCleaner_4.201.exe
2015-04-09 17:08 - 2015-04-09 17:08 - 00006211 _____ () C:\mbam.txt
2015-04-09 17:07 - 2015-04-09 17:07 - 00006211 _____ () C:\Malware.txt
2015-04-09 16:53 - 2015-04-09 16:53 - 00292408 _____ () C:\WINDOWS\Minidump\040915-29296-01.dmp
2015-04-09 14:50 - 2015-04-09 14:50 - 00293176 _____ () C:\WINDOWS\Minidump\040915-31546-01.dmp
2015-04-09 13:10 - 2015-04-11 15:56 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 13:09 - 2015-04-09 13:09 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-09 13:09 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-09 13:09 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-09 13:09 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-09 13:06 - 2015-04-09 13:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Johannes\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-08 12:08 - 2015-04-08 12:08 - 00001873 _____ () C:\Users\Johannes\Desktop\Spotify.lnk
2015-04-08 12:08 - 2015-04-08 12:08 - 00001859 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 11:51 - 2015-04-08 11:51 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (3).exe
2015-04-08 11:29 - 2015-04-08 11:30 - 00292408 _____ () C:\WINDOWS\Minidump\040815-31359-01.dmp
2015-04-08 11:27 - 2015-04-08 11:27 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (2).exe
2015-04-08 11:26 - 2015-04-08 11:27 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (1).exe
2015-04-08 11:25 - 2015-04-08 11:26 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix.exe
2015-04-08 11:12 - 2015-04-08 11:12 - 00001284 _____ () C:\Users\Johannes\Desktop\Revo Uninstaller.lnk
2015-04-08 11:12 - 2015-04-08 11:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-08 11:11 - 2015-04-08 11:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johannes\Downloads\revosetup95.exe
2015-04-07 23:53 - 2015-04-07 23:53 - 00292696 _____ () C:\WINDOWS\Minidump\040715-29765-01.dmp
2015-04-07 16:30 - 2015-04-07 16:30 - 00047508 _____ () C:\Users\Johannes\Downloads\Addition.txt
2015-04-07 16:28 - 2015-04-11 15:58 - 00000000 ____D () C:\FRST
2015-04-07 16:28 - 2015-04-11 15:57 - 00026276 _____ () C:\Users\Johannes\Downloads\FRST.txt
2015-04-07 16:26 - 2015-04-07 16:26 - 02095616 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2015-04-07 15:00 - 2015-04-07 15:01 - 00293560 _____ () C:\WINDOWS\Minidump\040715-51875-01.dmp
2015-03-31 23:08 - 2015-03-31 23:09 - 00292792 _____ () C:\WINDOWS\Minidump\033115-24984-01.dmp
2015-03-31 22:42 - 2015-03-31 22:43 - 00293656 _____ () C:\WINDOWS\Minidump\033115-26984-01.dmp
2015-03-31 22:03 - 2015-03-31 22:03 - 00292792 _____ () C:\WINDOWS\Minidump\033115-26515-01.dmp
2015-03-31 20:21 - 2015-03-31 20:22 - 00292696 _____ () C:\WINDOWS\Minidump\033115-151375-01.dmp
2015-03-31 20:17 - 2015-03-31 20:17 - 00000000 __SHD () C:\found.000
2015-03-31 13:29 - 2015-03-31 13:30 - 00295576 _____ () C:\WINDOWS\Minidump\033115-24859-01.dmp
2015-03-31 12:31 - 2015-03-31 13:27 - 00023964 _____ () C:\Users\Johannes\Documents\untitled_AutoSave.gcs
2015-03-29 22:47 - 2015-03-29 22:47 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-29 22:47 - 2015-03-29 22:47 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-29 22:47 - 2015-03-29 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 22:44 - 2015-03-29 22:44 - 00243648 _____ () C:\Users\Johannes\Downloads\Firefox Setup Stub 36.0.4.exe
2015-03-25 16:36 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-24 01:05 - 2015-03-24 01:05 - 00735304 _____ () C:\WINDOWS\Minidump\032415-19578-01.dmp
2015-03-22 12:23 - 2015-03-22 14:33 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\GoPro
2015-03-22 12:22 - 2015-03-22 18:48 - 00000000 ____D () C:\Users\Public\CineForm
2015-03-22 12:22 - 2015-03-22 12:22 - 00001128 _____ () C:\Users\Johannes\Desktop\GoPro Studio.lnk
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Users\Johannes\AppData\Local\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\CineForm
2015-03-22 12:17 - 2015-03-22 12:22 - 00002272 _____ () C:\WINDOWS\DPINST.LOG
2015-03-22 12:17 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-03-17 21:29 - 2015-03-17 21:29 - 00001516 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2015-03-12 18:04 - 2015-02-07 01:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-12 18:04 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-12 18:04 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-12 18:04 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-12 18:04 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-12 18:04 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-12 18:04 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-12 18:04 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-12 18:04 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-12 18:04 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-12 18:03 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-12 18:03 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-12 18:03 - 2015-02-06 03:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-12 18:03 - 2015-02-06 03:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-12 18:03 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-12 18:03 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-12 18:03 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-12 18:03 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-12 18:03 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-12 18:03 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-12 18:03 - 2015-01-30 05:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-12 18:03 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-12 18:03 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-12 18:03 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-12 18:03 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-12 18:03 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-12 18:03 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-12 18:03 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-12 18:03 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-12 18:03 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-12 18:03 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-12 18:03 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-12 18:03 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-12 18:03 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-12 18:03 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-12 18:03 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-12 18:03 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:03 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-12 18:03 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-12 18:03 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 18:03 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-12 18:03 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-12 18:03 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-12 18:03 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-12 18:03 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-12 18:03 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-12 18:03 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-12 18:03 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-12 18:03 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-12 17:34 - 2015-03-06 04:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-12 17:34 - 2015-03-06 04:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-12 17:34 - 2015-02-26 01:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-12 17:34 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-12 17:34 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-12 17:34 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-12 17:34 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-12 17:34 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-12 17:34 - 2015-01-28 17:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-12 17:34 - 2015-01-28 17:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-12 17:34 - 2015-01-28 17:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-12 17:34 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-12 17:34 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-12 17:32 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-12 17:32 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-12 17:32 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-12 17:32 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-12 17:32 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-12 17:32 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-12 17:32 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-12 17:32 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-12 17:32 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-12 17:32 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-12 17:32 - 2015-02-20 04:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-12 17:32 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-12 17:32 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-12 17:32 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-12 17:32 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-12 17:32 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-12 17:32 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-12 17:32 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-12 17:32 - 2015-02-20 03:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-12 17:32 - 2015-02-20 03:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-12 17:32 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-12 17:32 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-12 17:32 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-12 17:32 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-12 17:32 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-12 17:32 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-12 17:32 - 2015-02-20 03:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-12 17:32 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-12 17:32 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-12 17:32 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-12 17:32 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-12 17:32 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-12 17:32 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-12 17:32 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-12 17:32 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-12 17:32 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-12 17:32 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-12 17:31 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-12 17:31 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-12 17:31 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-12 17:31 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-12 17:31 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-12 17:31 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-12 17:30 - 2015-01-21 07:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-12 17:30 - 2015-01-21 07:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 15:57 - 2014-04-26 20:37 - 00000000 ___RD () C:\Users\Johannes\Google Drive
2015-04-11 15:57 - 2014-03-15 12:18 - 00000000 ___RD () C:\Users\Johannes\Dropbox
2015-04-11 15:57 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Dropbox
2015-04-11 15:57 - 2013-12-26 21:20 - 00000000 ___DO () C:\Users\Johannes\SkyDrive
2015-04-11 15:56 - 2013-10-22 15:23 - 00000000 ____D () C:\Users\Johannes
2015-04-11 15:56 - 2013-10-08 12:35 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec41217e0faff.job
2015-04-11 15:48 - 2013-10-22 15:47 - 01172214 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-11 15:22 - 2013-05-14 21:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-11 15:15 - 2014-07-26 17:59 - 00001156 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002UA.job
2015-04-11 15:12 - 2013-05-03 17:24 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 15:11 - 2013-12-11 23:05 - 00037833 _____ () C:\WINDOWS\setupact.log
2015-04-11 15:11 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-11 15:10 - 2013-10-27 13:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-11 15:10 - 2013-04-03 10:30 - 836554693 _____ () C:\WINDOWS\MEMORY.DMP
2015-04-11 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-11 14:46 - 2013-10-28 21:23 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{965EBEB5-AFC7-45A7-A256-B0D90091556D}
2015-04-11 11:42 - 2013-05-11 17:05 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Adobe
2015-04-11 11:15 - 2014-07-26 17:59 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002Core.job
2015-04-11 00:55 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-10 18:51 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-10 17:02 - 2014-10-08 22:58 - 00015435 _____ () C:\Users\Johannes\Documents\Lohn Oktober.xlsx
2015-04-10 16:58 - 2014-10-08 22:38 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Deployment
2015-04-10 15:37 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-10 15:37 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-10 15:37 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-10 15:02 - 2013-05-03 17:11 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-89369655-3679999935-2157184473-1002
2015-04-09 17:20 - 2014-12-09 22:57 - 00001384 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-04-09 17:20 - 2014-12-09 22:55 - 00001359 _____ () C:\Users\Johannes\Desktop\Chrome.lnk
2015-04-09 17:16 - 2014-09-25 15:06 - 00001066 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-09 17:16 - 2013-07-28 16:44 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Common
2015-04-09 14:50 - 2013-12-26 19:26 - 00273964 _____ () C:\WINDOWS\PFRO.log
2015-04-09 13:03 - 2014-08-18 13:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 13:03 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 13:02 - 2013-06-09 21:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 12:21 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Spotify
2015-04-08 12:08 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Spotify
2015-04-08 11:22 - 2013-12-09 18:51 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-04-08 11:05 - 2014-03-15 12:18 - 00001083 _____ () C:\Users\Johannes\Desktop\Dropbox.lnk
2015-04-08 11:05 - 2014-03-14 22:21 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-07 15:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-07 14:46 - 2013-06-09 21:10 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Avira
2015-04-07 14:45 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 13:23 - 2012-08-02 13:37 - 00000000 ____D () C:\ProgramData\Temp
2015-03-29 22:47 - 2013-09-13 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-29 22:47 - 2013-05-14 20:57 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Mozilla
2015-03-29 15:48 - 2013-05-10 16:45 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\vlc
2015-03-27 18:31 - 2013-08-22 16:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-27 18:25 - 2013-05-05 00:59 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-25 17:26 - 2014-12-10 20:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-25 17:26 - 2014-07-10 17:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-17 21:29 - 2015-02-06 16:56 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-17 21:29 - 2013-05-07 22:47 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
2015-03-16 21:58 - 2013-05-04 11:39 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Apple Computer
2015-03-16 19:32 - 2013-12-26 19:13 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-15 17:46 - 2013-05-04 11:27 - 00000000 ____D () C:\Users\Johannes\Documents\CyberLink
2015-03-14 21:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-14 12:35 - 2013-08-22 16:44 - 05112832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-14 00:15 - 2013-05-11 16:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 00:14 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-03-13 21:47 - 2013-05-10 16:44 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-13 21:47 - 2013-05-10 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2013-10-07 22:19 - 2013-10-07 22:19 - 5082084 _____ (The Public) C:\Users\Johannes\AppData\Roaming\Avisynth.exe
2013-10-07 22:19 - 2013-10-07 22:20 - 5243208 _____ (                                                            ) C:\Users\Johannes\AppData\Roaming\AvsP.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 5514668 _____ (LIGHTNING UK!) C:\Users\Johannes\AppData\Roaming\Imgburn.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 1357348 _____ () C:\Users\Johannes\AppData\Roaming\MatroskaSplitter.exe
2013-10-07 22:20 - 2013-10-07 22:20 - 7760687 _____ (Boraxsoft) C:\Users\Johannes\AppData\Roaming\SetupGFD.exe
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\SystemConfiguration
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Tables
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Techno Kit
2013-10-07 22:19 - 2013-10-07 22:19 - 0117723 _____ () C:\Users\Johannes\AppData\Roaming\yuvcodecs-1.3.exe
2013-08-19 19:07 - 2015-03-04 17:52 - 0012800 _____ () C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 15:48 - 2014-05-14 20:00 - 0000080 _____ () C:\Users\Johannes\AppData\Local\X-Plane Installer.prf
2013-05-11 12:18 - 2014-05-14 20:03 - 0000073 _____ () C:\Users\Johannes\AppData\Local\X-Plane_drm.prf
2013-05-11 12:19 - 2014-04-26 18:50 - 0000245 _____ () C:\Users\Johannes\AppData\Local\x-plane_install_10.txt
2012-09-12 19:08 - 2012-09-12 19:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-30 13:37 - 2013-12-30 13:45 - 0000303 _____ () C:\ProgramData\hpzinstall.log
2013-05-03 19:14 - 2013-05-03 19:14 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-05-03 19:14 - 2014-11-19 23:43 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-05-03 19:14 - 2014-11-06 22:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Textures
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Themes
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Track Settings

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\22kaxvks.dll
C:\Users\Johannes\AppData\Local\Temp\2bfge5eo.dll
C:\Users\Johannes\AppData\Local\Temp\6gofsl67.dll
C:\Users\Johannes\AppData\Local\Temp\a3onmuml.dll
C:\Users\Johannes\AppData\Local\Temp\AutoRun.exe
C:\Users\Johannes\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\b6zeu71a.dll
C:\Users\Johannes\AppData\Local\Temp\cxoyhhlj.dll
C:\Users\Johannes\AppData\Local\Temp\cz0_zyus.dll
C:\Users\Johannes\AppData\Local\Temp\dbwk4i1y.dll
C:\Users\Johannes\AppData\Local\Temp\dhckg-lj.dll
C:\Users\Johannes\AppData\Local\Temp\dlfkctko.dll
C:\Users\Johannes\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnureft.dll
C:\Users\Johannes\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Johannes\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Johannes\AppData\Local\Temp\e57co--u.dll
C:\Users\Johannes\AppData\Local\Temp\e91tohsu.dll
C:\Users\Johannes\AppData\Local\Temp\fe7qt9oi.dll
C:\Users\Johannes\AppData\Local\Temp\fo-l87go.dll
C:\Users\Johannes\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Johannes\AppData\Local\Temp\fztctfuz.dll
C:\Users\Johannes\AppData\Local\Temp\gk0msjmv.dll
C:\Users\Johannes\AppData\Local\Temp\gwoudkdh.dll
C:\Users\Johannes\AppData\Local\Temp\g_vvqi0j.dll
C:\Users\Johannes\AppData\Local\Temp\h9q_apes.dll
C:\Users\Johannes\AppData\Local\Temp\htsiki1c.dll
C:\Users\Johannes\AppData\Local\Temp\idkdfqzq.dll
C:\Users\Johannes\AppData\Local\Temp\Installer_Windows.exe
C:\Users\Johannes\AppData\Local\Temp\jm7nk1bz.dll
C:\Users\Johannes\AppData\Local\Temp\jr1f5vlj.dll
C:\Users\Johannes\AppData\Local\Temp\k-w5yhk7.dll
C:\Users\Johannes\AppData\Local\Temp\kgq1a-ge.dll
C:\Users\Johannes\AppData\Local\Temp\kpobcyc7.dll
C:\Users\Johannes\AppData\Local\Temp\krs04jpi.dll
C:\Users\Johannes\AppData\Local\Temp\lecoefcw.dll
C:\Users\Johannes\AppData\Local\Temp\loccgs4w.dll
C:\Users\Johannes\AppData\Local\Temp\lvz5r6vx.dll
C:\Users\Johannes\AppData\Local\Temp\mtpwvnir.dll
C:\Users\Johannes\AppData\Local\Temp\mx2ynl_o.dll
C:\Users\Johannes\AppData\Local\Temp\ose00000.exe
C:\Users\Johannes\AppData\Local\Temp\ozqqte2m.dll
C:\Users\Johannes\AppData\Local\Temp\pfn5v1qm.dll
C:\Users\Johannes\AppData\Local\Temp\q8j_3zps.dll
C:\Users\Johannes\AppData\Local\Temp\qtav92jm.dll
C:\Users\Johannes\AppData\Local\Temp\qyrpczjx.dll
C:\Users\Johannes\AppData\Local\Temp\r-uuzkg7.dll
C:\Users\Johannes\AppData\Local\Temp\raoykoow.dll
C:\Users\Johannes\AppData\Local\Temp\s3pd_b8t.dll
C:\Users\Johannes\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Johannes\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Johannes\AppData\Local\Temp\siinst.exe
C:\Users\Johannes\AppData\Local\Temp\siuninst.exe
C:\Users\Johannes\AppData\Local\Temp\snfww3eq.dll
C:\Users\Johannes\AppData\Local\Temp\strings.dll
C:\Users\Johannes\AppData\Local\Temp\ticmwmrm.dll
C:\Users\Johannes\AppData\Local\Temp\tmd_34011138.exe
C:\Users\Johannes\AppData\Local\Temp\tmd_34013832.exe
C:\Users\Johannes\AppData\Local\Temp\tmd_34018253.exe
C:\Users\Johannes\AppData\Local\Temp\tv7rzvor.dll
C:\Users\Johannes\AppData\Local\Temp\ukvr85sv.dll
C:\Users\Johannes\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Johannes\AppData\Local\Temp\vt0o2ejm.dll
C:\Users\Johannes\AppData\Local\Temp\vzdoii2g.dll
C:\Users\Johannes\AppData\Local\Temp\wxblsjuf.dll
C:\Users\Johannes\AppData\Local\Temp\xqh_t9ns.dll
C:\Users\Johannes\AppData\Local\Temp\y2ejay9g.dll
C:\Users\Johannes\AppData\Local\Temp\yrrrillk.dll
C:\Users\Johannes\AppData\Local\Temp\z2qgjzwv.dll
C:\Users\Johannes\AppData\Local\Temp\_xaktzhe.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-11 15:25

==================== End Of Log ============================
--- --- ---

schrauber 12.04.2015 07:26
Flash Player und Firefox updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte.

Johannes K 12.04.2015 12:57
Muss ich wirklich nur "Emptytemp:" in das Textdokument eingeben? Weil das FRST findet keine Fixlist Datei...

schrauber 12.04.2015 18:39
Dann speicher die fixlist mal neben FRST, im Downloadordner :)

Johannes K 12.04.2015 21:27
Liste der Anhänge anzeigen (Anzahl: 1)
So jetzt hat es funktioniert:
Hier das Logfile:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by Johannes at 2015-04-12 21:21:34 Run:1
Running from C:\Users\Johannes\Downloads
Loaded Profiles: UpdatusUser & Johannes (Available profiles: UpdatusUser & Johannes & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Emptytemp:
       
*****************

EmptyTemp: => Removed 32.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:06:43 ====
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Johannes (administrator) on JOHANNES-PC on 12-04-2015 22:25:38
Running from C:\Users\Johannes\Downloads
Loaded Profiles: UpdatusUser & Johannes (Available profiles: UpdatusUser & Johannes & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\srvany.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\KMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(The Chromium Authors) C:\Users\Johannes\AppData\Local\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [650648 2012-07-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533568 2012-08-22] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Google Update] => "C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [MusicManager] => C:\Users\Johannes\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\Run: [Spotify Web Helper] => C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-11] (Spotify Ltd)
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\...\MountPoints2: {90d4c22a-4f94-11e3-bfe1-20689d450095} - "E:\SISetup.exe"
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\DREAMA~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC221hEXM3h432EbOVjSYL8wo5kYPbuighSMtZydsJ9IPqC8tdV9Xvg8cpgK5UIGUwB8OqttP_AiZBxgeV3t5Yzg7Xlh3nMiqg,,
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC221hEXM3h432EbOVjSYL8wo5kYPbuighSMtZydsJ9IPqC8tdV9Xvg8cpgK5UIGUwB8OqttP_AiZBxgeV3t5Yzg7Xlh3nMiqg,,
HKU\S-1-5-21-89369655-3679999935-2157184473-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
HKU\S-1-5-21-89369655-3679999935-2157184473-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb6kMKStDbKgksVlAyRcvLHH_WOoCTYHw59xm38pQTg7DcGc4CrbQjzm4bd73xzWC265fXWnUPtc9mxvgkqwfEc3yPsiEfUoqOP8UMBVsBXP7yN14Nu_3fUNA6FpUyP2YqH7uz0PGeOeiOGv6djnmqsaRmqGHA_Aw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-89369655-3679999935-2157184473-1002 -> {7716859D-5137-4A19-93F9-101D9A9FD28B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default
FF SelectedSearchEngine: Search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-04] ()
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-89369655-3679999935-2157184473-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Johannes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\searchplugins\search_the_web.xml [2013-08-30]
FF Extension: FavGenius - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\udgs4pa7.default\Extensions\fg@favgenius.com.xpi [2015-03-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Johannes\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [Not Found]
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-89369655-3679999935-2157184473-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\Johannes\AppData\Roaming\SeeSimilar\SeeSimilar.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2014-03-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-12] (Dritek System INC.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-12] (Dritek System Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-10-22] (Duplex Secure Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 22:23 - 2015-04-12 22:23 - 00007680 ___SH () C:\Users\Johannes\Downloads\Thumbs.db
2015-04-12 21:30 - 2015-04-12 21:30 - 00083026 _____ () C:\Users\Johannes\Downloads\Jason Mraz - Im Yours (Pro).gp5
2015-04-12 21:21 - 2015-04-12 21:21 - 00000000 ____D () C:\Users\Johannes\Downloads\FRST-OlderVersion
2015-04-12 14:51 - 2015-04-12 14:51 - 00293272 _____ () C:\WINDOWS\Minidump\041215-26015-01.dmp
2015-04-12 13:46 - 2015-04-12 13:46 - 00002186 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-04-12 13:46 - 2015-04-12 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-04-12 13:46 - 2015-04-12 13:46 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-12 13:46 - 2015-04-12 13:46 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-04-12 13:42 - 2015-04-12 13:42 - 00243656 _____ () C:\Users\Johannes\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-11 17:39 - 2015-04-11 17:39 - 00063617 _____ () C:\Users\Johannes\Downloads\Noah And The Whale - 5 Years Time (Pro).gp5
2015-04-11 17:32 - 2015-04-11 17:33 - 00292984 _____ () C:\WINDOWS\Minidump\041115-20875-01.dmp
2015-04-11 17:07 - 2015-04-11 17:08 - 00293272 _____ () C:\WINDOWS\Minidump\041115-24953-01.dmp
2015-04-11 16:57 - 2015-04-11 16:58 - 00293560 _____ () C:\WINDOWS\Minidump\041115-23578-01.dmp
2015-04-11 16:03 - 2015-04-11 16:03 - 00292696 _____ () C:\WINDOWS\Minidump\041115-22218-01.dmp
2015-04-11 15:10 - 2015-04-11 15:11 - 00293656 _____ () C:\WINDOWS\Minidump\041115-26328-01.dmp
2015-04-11 15:04 - 2015-04-11 15:04 - 00852616 _____ () C:\Users\Johannes\Downloads\SecurityCheck.exe
2015-04-11 00:39 - 2015-04-11 00:39 - 02347384 _____ (ESET) C:\Users\Johannes\Downloads\esetsmartinstaller_deu (1).exe
2015-04-10 23:01 - 2015-04-10 23:02 - 00291632 _____ () C:\WINDOWS\Minidump\041015-38953-01.dmp
2015-04-10 22:35 - 2015-04-10 22:35 - 00291152 _____ () C:\WINDOWS\Minidump\041015-37859-01.dmp
2015-04-10 22:00 - 2015-04-10 22:00 - 00291224 _____ () C:\WINDOWS\Minidump\041015-141421-01.dmp
2015-04-10 18:50 - 2015-04-10 18:51 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-10 18:50 - 2015-04-10 18:50 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-10 18:34 - 2015-04-10 18:34 - 00293368 _____ () C:\WINDOWS\Minidump\041015-24359-01.dmp
2015-04-10 15:35 - 2015-04-10 15:35 - 02347384 _____ (ESET) C:\Users\Johannes\Downloads\esetsmartinstaller_deu.exe
2015-04-10 15:30 - 2015-04-10 15:30 - 00293176 _____ () C:\WINDOWS\Minidump\041015-29406-01.dmp
2015-04-09 18:23 - 2015-04-09 18:23 - 00293368 _____ () C:\WINDOWS\Minidump\040915-25359-01.dmp
2015-04-09 17:28 - 2015-04-09 17:28 - 00000897 _____ () C:\Users\Johannes\Desktop\JRT.txt
2015-04-09 17:22 - 2015-04-09 17:22 - 02686959 _____ (Thisisu) C:\Users\Johannes\Downloads\JRT.exe
2015-04-09 17:22 - 2015-04-09 17:22 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-JOHANNES-PC-Windows-8.1-(64-bit).dat
2015-04-09 17:22 - 2015-04-09 17:22 - 00000000 ____D () C:\RegBackup
2015-04-09 17:09 - 2015-04-09 18:14 - 00000000 ____D () C:\AdwCleaner
2015-04-09 17:09 - 2015-04-09 17:09 - 02217984 _____ () C:\Users\Johannes\Downloads\AdwCleaner_4.201.exe
2015-04-09 17:08 - 2015-04-09 17:08 - 00006211 _____ () C:\mbam.txt
2015-04-09 17:07 - 2015-04-09 17:07 - 00006211 _____ () C:\Malware.txt
2015-04-09 16:53 - 2015-04-09 16:53 - 00292408 _____ () C:\WINDOWS\Minidump\040915-29296-01.dmp
2015-04-09 14:50 - 2015-04-09 14:50 - 00293176 _____ () C:\WINDOWS\Minidump\040915-31546-01.dmp
2015-04-09 13:10 - 2015-04-12 22:15 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 13:09 - 2015-04-09 13:09 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-09 13:09 - 2015-04-09 13:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-09 13:09 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-09 13:09 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-09 13:09 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-09 13:06 - 2015-04-09 13:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Johannes\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-08 12:08 - 2015-04-11 17:44 - 00001873 _____ () C:\Users\Johannes\Desktop\Spotify.lnk
2015-04-08 12:08 - 2015-04-11 17:44 - 00001859 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-08 11:51 - 2015-04-08 11:51 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (3).exe
2015-04-08 11:29 - 2015-04-08 11:30 - 00292408 _____ () C:\WINDOWS\Minidump\040815-31359-01.dmp
2015-04-08 11:27 - 2015-04-08 11:27 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (2).exe
2015-04-08 11:26 - 2015-04-08 11:27 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix (1).exe
2015-04-08 11:25 - 2015-04-08 11:26 - 05617096 _____ (Swearware) C:\Users\Johannes\Downloads\ComboFix.exe
2015-04-08 11:12 - 2015-04-08 11:12 - 00001284 _____ () C:\Users\Johannes\Desktop\Revo Uninstaller.lnk
2015-04-08 11:12 - 2015-04-08 11:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-08 11:11 - 2015-04-08 11:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johannes\Downloads\revosetup95.exe
2015-04-07 23:53 - 2015-04-07 23:53 - 00292696 _____ () C:\WINDOWS\Minidump\040715-29765-01.dmp
2015-04-07 16:30 - 2015-04-07 16:30 - 00047508 _____ () C:\Users\Johannes\Downloads\Addition.txt
2015-04-07 16:28 - 2015-04-12 22:25 - 00027440 _____ () C:\Users\Johannes\Downloads\FRST.txt
2015-04-07 16:28 - 2015-04-12 22:25 - 00000000 ____D () C:\FRST
2015-04-07 16:26 - 2015-04-12 21:21 - 02096640 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2015-04-07 15:00 - 2015-04-07 15:01 - 00293560 _____ () C:\WINDOWS\Minidump\040715-51875-01.dmp
2015-03-31 23:08 - 2015-03-31 23:09 - 00292792 _____ () C:\WINDOWS\Minidump\033115-24984-01.dmp
2015-03-31 22:42 - 2015-03-31 22:43 - 00293656 _____ () C:\WINDOWS\Minidump\033115-26984-01.dmp
2015-03-31 22:03 - 2015-03-31 22:03 - 00292792 _____ () C:\WINDOWS\Minidump\033115-26515-01.dmp
2015-03-31 20:21 - 2015-03-31 20:22 - 00292696 _____ () C:\WINDOWS\Minidump\033115-151375-01.dmp
2015-03-31 20:17 - 2015-03-31 20:17 - 00000000 __SHD () C:\found.000
2015-03-31 13:29 - 2015-03-31 13:30 - 00295576 _____ () C:\WINDOWS\Minidump\033115-24859-01.dmp
2015-03-31 12:31 - 2015-03-31 13:27 - 00023964 _____ () C:\Users\Johannes\Documents\untitled_AutoSave.gcs
2015-03-29 22:47 - 2015-04-12 14:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 22:47 - 2015-04-12 13:45 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-29 22:47 - 2015-04-12 13:45 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-29 22:44 - 2015-03-29 22:44 - 00243648 _____ () C:\Users\Johannes\Downloads\Firefox Setup Stub 36.0.4.exe
2015-03-25 16:36 - 2015-03-11 04:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-25 16:36 - 2015-03-11 00:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-24 01:05 - 2015-03-24 01:05 - 00735304 _____ () C:\WINDOWS\Minidump\032415-19578-01.dmp
2015-03-22 12:23 - 2015-03-22 14:33 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\GoPro
2015-03-22 12:22 - 2015-03-22 18:48 - 00000000 ____D () C:\Users\Public\CineForm
2015-03-22 12:22 - 2015-03-22 12:22 - 00001128 _____ () C:\Users\Johannes\Desktop\GoPro Studio.lnk
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Users\Johannes\AppData\Local\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2015-03-22 12:22 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\CineForm
2015-03-22 12:17 - 2015-03-22 12:22 - 00002272 _____ () C:\WINDOWS\DPINST.LOG
2015-03-22 12:17 - 2015-03-22 12:22 - 00000000 ____D () C:\Program Files (x86)\GoPro
2015-03-17 21:29 - 2015-03-17 21:29 - 00001516 _____ () C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 22:22 - 2013-05-14 21:57 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-12 22:18 - 2013-05-03 17:11 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-89369655-3679999935-2157184473-1002
2015-04-12 22:15 - 2014-07-26 17:59 - 00001156 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002UA.job
2015-04-12 22:14 - 2014-04-26 20:37 - 00000000 ___RD () C:\Users\Johannes\Google Drive
2015-04-12 22:14 - 2014-03-15 12:18 - 00000000 ___RD () C:\Users\Johannes\Dropbox
2015-04-12 22:14 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Dropbox
2015-04-12 22:13 - 2013-12-26 21:20 - 00000000 __RDO () C:\Users\Johannes\SkyDrive
2015-04-12 22:13 - 2013-10-08 12:35 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cec41217e0faff.job
2015-04-12 22:12 - 2013-05-03 17:24 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 22:09 - 2013-12-26 19:26 - 00279444 _____ () C:\WINDOWS\PFRO.log
2015-04-12 22:09 - 2013-12-11 23:05 - 00038449 _____ () C:\WINDOWS\setupact.log
2015-04-12 22:09 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-12 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-12 21:19 - 2013-10-28 21:23 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{965EBEB5-AFC7-45A7-A256-B0D90091556D}
2015-04-12 15:51 - 2013-10-22 15:23 - 00000000 ____D () C:\Users\Johannes
2015-04-12 15:51 - 2013-08-22 15:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-12 14:51 - 2013-10-27 13:32 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-12 14:51 - 2013-09-13 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-12 14:51 - 2013-04-03 10:30 - 611090373 _____ () C:\WINDOWS\MEMORY.DMP
2015-04-12 14:46 - 2013-10-22 15:47 - 01227617 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 13:47 - 2013-05-11 17:05 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Adobe
2015-04-12 13:46 - 2013-05-14 21:57 - 00003766 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-11 17:46 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Spotify
2015-04-11 17:46 - 2013-05-07 17:36 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Spotify
2015-04-11 11:15 - 2014-07-26 17:59 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-89369655-3679999935-2157184473-1002Core.job
2015-04-10 18:51 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-10 17:02 - 2014-10-08 22:58 - 00015435 _____ () C:\Users\Johannes\Documents\Lohn Oktober.xlsx
2015-04-10 16:58 - 2014-10-08 22:38 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Deployment
2015-04-10 15:37 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-10 15:37 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-10 15:37 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-09 17:20 - 2014-12-09 22:57 - 00001384 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-04-09 17:20 - 2014-12-09 22:55 - 00001359 _____ () C:\Users\Johannes\Desktop\Chrome.lnk
2015-04-09 17:16 - 2014-09-25 15:06 - 00001066 _____ () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-09 17:16 - 2013-07-28 16:44 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Common
2015-04-09 13:03 - 2014-08-18 13:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 13:03 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 13:02 - 2013-06-09 21:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 11:22 - 2013-12-09 18:51 - 00000000 ____D () C:\ProgramData\Ashampoo
2015-04-08 11:05 - 2014-03-15 12:18 - 00001083 _____ () C:\Users\Johannes\Desktop\Dropbox.lnk
2015-04-08 11:05 - 2014-03-14 22:21 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-07 15:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-07 14:46 - 2013-06-09 21:10 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Avira
2015-04-07 14:45 - 2013-06-09 21:04 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 13:23 - 2012-08-02 13:37 - 00000000 ____D () C:\ProgramData\Temp
2015-03-29 22:47 - 2013-05-14 20:57 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Mozilla
2015-03-29 15:48 - 2013-05-10 16:45 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\vlc
2015-03-27 18:31 - 2013-08-22 16:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-27 18:25 - 2013-05-05 00:59 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-25 17:26 - 2014-12-10 20:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-25 17:26 - 2014-07-10 17:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-17 21:29 - 2015-02-06 16:56 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-17 21:29 - 2015-02-06 16:56 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-17 21:29 - 2013-05-07 22:47 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\DVDVideoSoft
2015-03-16 21:58 - 2013-05-04 11:39 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Apple Computer
2015-03-16 19:32 - 2013-12-26 19:13 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-15 17:46 - 2013-05-04 11:27 - 00000000 ____D () C:\Users\Johannes\Documents\CyberLink
2015-03-14 21:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-14 12:35 - 2013-08-22 16:44 - 05112832 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-14 02:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-14 00:15 - 2013-05-11 16:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 00:14 - 2012-07-26 07:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-03-13 21:47 - 2013-05-10 16:44 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-13 21:47 - 2013-05-10 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

==================== Files in the root of some directories =======

2013-10-07 22:19 - 2013-10-07 22:19 - 5082084 _____ (The Public) C:\Users\Johannes\AppData\Roaming\Avisynth.exe
2013-10-07 22:19 - 2013-10-07 22:20 - 5243208 _____ (                                                            ) C:\Users\Johannes\AppData\Roaming\AvsP.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 5514668 _____ (LIGHTNING UK!) C:\Users\Johannes\AppData\Roaming\Imgburn.exe
2013-10-07 22:19 - 2013-10-07 22:19 - 1357348 _____ () C:\Users\Johannes\AppData\Roaming\MatroskaSplitter.exe
2013-10-07 22:20 - 2013-10-07 22:20 - 7760687 _____ (Boraxsoft) C:\Users\Johannes\AppData\Roaming\SetupGFD.exe
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\SystemConfiguration
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Tables
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\Users\Johannes\AppData\Roaming\Techno Kit
2013-10-07 22:19 - 2013-10-07 22:19 - 0117723 _____ () C:\Users\Johannes\AppData\Roaming\yuvcodecs-1.3.exe
2013-08-19 19:07 - 2015-03-04 17:52 - 0012800 _____ () C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 15:48 - 2014-05-14 20:00 - 0000080 _____ () C:\Users\Johannes\AppData\Local\X-Plane Installer.prf
2013-05-11 12:18 - 2014-05-14 20:03 - 0000073 _____ () C:\Users\Johannes\AppData\Local\X-Plane_drm.prf
2013-05-11 12:19 - 2014-04-26 18:50 - 0000245 _____ () C:\Users\Johannes\AppData\Local\x-plane_install_10.txt
2012-09-12 19:08 - 2012-09-12 19:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-30 13:37 - 2013-12-30 13:45 - 0000303 _____ () C:\ProgramData\hpzinstall.log
2013-05-03 19:14 - 2013-05-03 19:14 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-05-03 19:14 - 2014-11-19 23:43 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-05-03 19:14 - 2014-11-06 22:38 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Textures
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Themes
2013-05-03 19:14 - 2013-05-03 19:14 - 0000268 ___RH () C:\ProgramData\Track Settings

Some content of TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\avgnt.exe
C:\Users\Johannes\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4uno2k.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-12 14:08

==================== End Of Log ============================
--- --- ---

schrauber 13.04.2015 10:04
Perfekt. Noch Probleme?

Johannes K 13.04.2015 15:35
Leider gibt es immernoch Probleme. Mein avira hat zwar keine Meldungen mehr gegeben, meinen Explorer kann ich jedoch immernoch nicht öffnen. Von Word beispielsweise kann ich auf meine Dokumente aber zugreifen. Wenn ich ihn öffnen will passiert entweder gar nichts oder der Computer stürzt ab mit der Fehlermeldung dass ein Problem aufgetreten ist.
Ich hoffe du kannst mir da noch weiterhelfen.

schrauber 14.04.2015 06:29
http://www.deeprybka.trojaner-board....r/wraioneu.PNG
  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
  • Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
  • Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.
http://deeprybka.trojaner-board.de/b...srepair271.png

Johannes K 15.04.2015 17:49
Bei step 4 habe ich ein Problem und zwar stürzt mein PC immer bei etwa 62% ab! Er wird dann automatisch neugestartet. Bei step 5 beim Backup gibt es auch ein error... Das Backup muss schon sein bevor ich "repairs" mache oder?

schrauber 16.04.2015 06:50
Sollte man machen, ja. Was genau heisst "er stürzt ab"?

Johannes K 16.04.2015 16:26
Also der Bildschirm wird blau und es steht da: "auf dem PC ist ein Problem aufgetreten es werden einige Fehlerinformationen gesammelt und anschließend ein Neustart durchgeführt."
Dann zählt er hoch bis 100% und startet neu.

schrauber 16.04.2015 21:36
Bitte mal einen Bericht mit Bluescreenview erstellen:
Windows Bluescreen Absturz analysieren und beheben - so geht's - Anleitungen

Johannes K 17.04.2015 14:57
Ist echt bitter wenn ich das Bluescreen ausführen ausführen will stürzt der Computer wieder ab.
Glaubst du da gibt es noch chancen den Trojaner zu entfernen oder soll ich mal so ein komplett Reset machen? Daten hhab ich schon gesichert. Wäre dann eigentlich auch das Betriebssystem weg?

schrauber 18.04.2015 08:08
Ich bezweifle, dass der BSOD was mit Viren zu tun hat. Wenn Du zurücksetzt ist alles weg.

Kanst Du von dem BSOD ein Bild machen?

Johannes K 18.04.2015 10:34
Liste der Anhänge anzeigen (Anzahl: 1)
So im Anhang ist ein Bild vom Absturz. So ist es jedes mal!

schrauber 18.04.2015 22:51
Ok, der nichtssagendste BSOD den man so haben kann :)

RAM testen mit Memtest86+.

Johannes K 21.04.2015 19:45
Hat keine errors angezeigt... Auch Windows memory diagnostics hat nichts ergeben! :(

schrauber 22.04.2015 08:51
Dann ist als nächstes die Festplatte dran.

Zustand der Festplatte herausfinden - so gehts - Anleitungen

Johannes K 23.04.2015 16:35
So hier ist der kopierte Text aus dem Programm:

Code:
----------------------------------------------------------------------------
CrystalDiskInfo 6.3.2 (C) 2008-2015 hiyohiyo
                                Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------

    OS : Windows 8.1  [6.3 Build 9600] (x64)
  Date : 2015/04/23 17:33:07

-- Controller Map ----------------------------------------------------------
 + Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
  - TOSHIBA MK7559GSXP
  - PIONEER DVD-RW DVRTD11RS
 - Microsoft-Controller für Speicherplätze [SCSI]

-- Disk List ---------------------------------------------------------------
 (1) TOSHIBA MK7559GSXP : 750,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
 (1) TOSHIBA MK7559GSXP
----------------------------------------------------------------------------
          Model : TOSHIBA MK7559GSXP
        Firmware : GN003J
  Serial Number : 42P7P2QMT
      Disk Size : 750,1 GB (8,4/137,4/750,1/750,1)
    Buffer Size : 8192 KB
    Queue Depth : 32
    # of Sectors : 1465149168
  Rotation Rate : 5400 RPM
      Interface : Serial ATA
  Major Version : ATA8-ACS
  Minor Version : ----
  Transfer Mode : SATA/300 | SATA/300
  Power On Hours : 2659 Std.
  Power On Count : 1772 mal
    Temperature : 44 C (111 F)
  Health Status : Vorsicht
        Features : S.M.A.R.T., APM, 48bit LBA, NCQ
      APM Level : 00FEh [ON]
      AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Lesefehlerrate
02 100 100 _50 000000000000 Datendurchsatz-Leistung
03 100 100 __1 000000000811 Mittlere Anlaufzeit
04 100 100 __0 0000000006FF Start/Stopp-Zyklen der Spindel
05 100 100 _50 000000000000 Wiederzugewiesene Sektoren
07 100 100 _50 000000000000 Suchfehler
08 100 100 _50 000000000000 Güte der Suchoperationen
09 _94 _94 __0 000000000A63 Betriebsstunden
0A 135 100 _30 000000000000 Misslungene Spindelanläufe
0C 100 100 __0 0000000006EC Geräte-Einschaltvorgänge
BF 100 100 __0 000000000024 Beschleunigungssensor-Fehlerrate
C0 100 100 __0 000000000019 Ausschaltungsabbrüche
C1 _98 _98 __0 00000000569E Laden/Entladen-Zyklen
C2 100 100 __0 0036000D002C Temperatur
C4 100 100 __0 000000000000 Wiederzuweisungsereignisse
C5 100 100 __0 000000000008 Aktuell ausstehende Sektoren
C6 100 100 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
DC 100 100 __0 000000000048 Festplattenverschiebung
DE _94 _94 __0 0000000009DD Stunden geladen
DF 100 100 __0 000000000000 Laden/Entladen-Wiederholungen
E0 100 100 __0 000000000000 Ladereibung
E2 100 100 __0 0000000000DB Ladezeit
F0 100 100 __1 000000000000 Kopfpositionierungszeit

-- IDENTIFY_DEVICE ---------------------------------------------------------
        0    1    2    3    4    5    6    7    8    9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2034 3250 3750 3251 4D54
020: 0000 4000 0000 474E 3030 334A 2020 544F 5348 4942
030: 4120 4D4B 3735 3539 4753 5850 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0007 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0F06 0004 004C 0048
080: 01F8 0000 746B 7D09 6163 7469 BC09 6163 203F 005B
090: 005B 00FE FFFE 0000 0000 0000 0000 0000 0000 0000
100: 66F0 5754 0000 0000 0000 0000 6003 0000 5000 0393
110: F248 8865 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003D 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0080 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 C9A5

-- SMART_READ_DATA ---------------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0B 00 64 64 00 00 00 00 00 00 00 02 05
010: 00 64 64 00 00 00 00 00 00 00 03 27 00 64 64 11
020: 08 00 00 00 00 00 04 32 00 64 64 FF 06 00 00 00
030: 00 00 05 33 00 64 64 00 00 00 00 00 00 00 07 0B
040: 00 64 64 00 00 00 00 00 00 00 08 05 00 64 64 00
050: 00 00 00 00 00 00 09 32 00 5E 5E 63 0A 00 00 00
060: 00 00 0A 33 00 87 64 00 00 00 00 00 00 00 0C 32
070: 00 64 64 EC 06 00 00 00 00 00 BF 32 00 64 64 24
080: 00 00 00 00 00 00 C0 32 00 64 64 19 00 00 00 00
090: 00 00 C1 32 00 62 62 9E 56 00 00 00 00 00 C2 22
0A0: 00 64 64 2C 00 0D 00 36 00 00 C4 32 00 64 64 00
0B0: 00 00 00 00 00 00 C5 32 00 64 64 08 00 00 00 00
0C0: 00 00 C6 30 00 64 64 00 00 00 00 00 00 00 C7 32
0D0: 00 C8 C8 00 00 00 00 00 00 00 DC 02 00 64 64 48
0E0: 00 00 00 00 00 00 DE 32 00 5E 5E DD 09 00 00 00
0F0: 00 00 DF 32 00 64 64 00 00 00 00 00 00 00 E0 22
100: 00 64 64 00 00 00 00 00 00 00 E2 26 00 64 64 DB
110: 00 00 00 00 00 00 F0 01 00 64 64 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 5B
170: 03 00 01 00 02 C1 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 89

-- SMART_READ_THRESHOLD ----------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 32 00 00 00 00 00 00 00 00 00 00 02 32
010: 00 00 00 00 00 00 00 00 00 00 03 01 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 32 00 00 00 00 00 00 00 00 00 00 07 32
040: 00 00 00 00 00 00 00 00 00 00 08 32 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 1E 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
080: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
090: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0B0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0C0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
0D0: 00 00 00 00 00 00 00 00 00 00 DC 00 00 00 00 00
0E0: 00 00 00 00 00 00 DE 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E0 00
100: 00 00 00 00 00 00 00 00 00 00 E2 00 00 00 00 00
110: 00 00 00 00 00 00 F0 01 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36
Außerdem steht bei Gesamtzustand "Vorsicht"

schrauber 24.04.2015 08:00
Dann fang mal an deine Daten zu sichern. Die Platte macht demnächst den Abgang.

Johannes K 24.04.2015 11:49
Meine Daten sind eigentlich alle gesichert! Wie meinst du das? "macht einen Abgang"?

schrauber 24.04.2015 15:50
Die geht kaputt :)

Johannes K 25.04.2015 13:34
Hm...Okay!
Da kann ich nichts gegen machen? Ich muss die dann anschließend austauschen oder?

Da bringt dann auch formatieren nichts?

schrauber 26.04.2015 06:23
korrekt. Die geht hardwareseitig kaputt.

Johannes K 26.04.2015 09:07
Und was ist mit dem Betriebssystem? Ist das dann auch weg oder kann ich das irgendwie retten?

schrauber 26.04.2015 18:18
Du kannst deine Daten sichern, wie ich schon geschrieben habe. Entweder nur die Daten, oder ein mage des kompletten Betriebssystems ziehen. Wenn denn das BS zu 100% in Ordnung ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55