Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Welcome to nginx! Wie kann ich das löschen? (https://www.trojaner-board.de/168074-welcome-to-nginx-loeschen.html)

ego87 20.06.2015 00:23
Welcome to nginx! Wie kann ich das löschen?
 
Hallo zusammen,

Habe seit heute das problem das ich wenn ich auf manche seiten gehe nur noch die meldung bekomme Welcome to nginx ?!

und dann wars das wie bekomme ich das weg bzw was ist das genau denn antivir und avast haben nichts gefunden und auch der adwcleaner nicht


hoffe ich bekomme ne hilfe von euch

danke schonmal


mfg

ego87

schrauber 20.06.2015 06:47
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


ego87 20.06.2015 09:32
So hab ich erledigt hoffe das sind die richtigen logdaten die du brauchst?!


FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ego87 (administrator) on EGO on 20-06-2015 10:25:04
Running from C:\Users\ego87\Desktop
Loaded Profiles: ego87 (Available Profiles: ego87 & Ramona & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Mozilla Corporation) D:\Programme ego\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => D:\Programme ego\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\MountPoints2: {f694f407-49b6-11e2-be68-806e6f6e6963} - "J:\autorun.exe"
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShowDesktop.scf [2012-06-28] ()
Startup: C:\Users\ego87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar26.lnk [2015-06-20]
ShortcutTarget: Sidebar26.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001 -> DefaultScope {6788F288-5C20-4502-A9BE-D4C344039A91} URL =
SearchScopes: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001 -> {6788F288-5C20-4502-A9BE-D4C344039A91} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9AA29D7F-D637-4AAE-92F8-8AC37C4FD770}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\ego87\AppData\Roaming\Mozilla\Firefox\Profiles\pk6g1a7x.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme ego\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> D:\Programme ego\Java\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> D:\Programme ego\Java\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Extension: Adblock Plus - C:\Users\ego87\AppData\Roaming\Mozilla\Firefox\Profiles\pk6g1a7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-11]
CHR Extension: (Avira Browser Safety) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (Avast Online Security) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; D:\Programme ego\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Programme ego\Avira\AntiVir Desktop\sched.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme ego\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme ego\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-10] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1910128 2015-02-04] (Electronic Arts)
S3 SandraAgentSrv; D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R3 RTL8192cu; C:\Windows\system32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                          )
S3 SANDRA; D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [129264 2014-06-20] (© Guillemot R&D, 2014. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 10:25 - 2015-06-20 10:25 - 00013574 _____ C:\Users\ego87\Desktop\FRST.txt
2015-06-20 10:24 - 2015-06-20 10:25 - 00000000 ____D C:\FRST
2015-06-20 10:24 - 2015-06-20 10:24 - 02109952 _____ (Farbar) C:\Users\ego87\Desktop\FRST64.exe
2015-06-20 10:16 - 2015-06-20 10:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-32675937.txt
2015-06-20 10:16 - 2015-06-20 10:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-32673671.txt
2015-06-20 01:14 - 2015-06-20 01:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-140375.txt
2015-06-20 01:13 - 2015-06-20 01:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-73015.txt
2015-06-20 01:11 - 2015-06-20 01:12 - 00428944 _____ C:\WINDOWS\PFRO.log
2015-06-20 01:10 - 2015-06-20 01:10 - 00001095 _____ C:\WINDOWS\system32\netcfg-7550546.txt
2015-06-20 01:07 - 2015-06-20 01:07 - 00001095 _____ C:\WINDOWS\system32\netcfg-7374312.txt
2015-06-20 01:06 - 2015-06-20 01:06 - 00001095 _____ C:\WINDOWS\system32\netcfg-7336031.txt
2015-06-20 00:27 - 2015-06-20 00:27 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-06-20 00:27 - 2015-06-20 00:27 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-20 00:27 - 2015-06-20 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-20 00:27 - 2015-06-20 00:27 - 00000000 ____D C:\Program Files\CCleaner
2015-06-20 00:26 - 2015-06-20 00:26 - 00000173 _____ C:\WINDOWS\system32\netcfg-4941046.txt
2015-06-20 00:26 - 2015-06-20 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-4944859.txt
2015-06-20 00:26 - 2015-06-20 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-4944750.txt
2015-06-20 00:18 - 2015-06-20 00:19 - 00001095 _____ C:\WINDOWS\system32\netcfg-4472921.txt
2015-06-20 00:15 - 2015-06-20 00:15 - 00001095 _____ C:\WINDOWS\system32\netcfg-4284937.txt
2015-06-20 00:14 - 2015-06-20 00:15 - 00001095 _____ C:\WINDOWS\system32\netcfg-4222218.txt
2015-06-19 23:55 - 2015-06-19 23:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-3048406.txt
2015-06-19 23:54 - 2015-06-20 00:26 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-06-19 23:54 - 2015-06-19 23:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-3045093.txt
2015-06-19 23:54 - 2015-06-19 23:54 - 00000171 _____ C:\WINDOWS\system32\netcfg-3025453.txt
2015-06-19 23:54 - 2015-06-19 23:54 - 00000000 ____D C:\Program Files (x86)\iS3
2015-06-19 23:48 - 2015-06-19 23:50 - 00000000 ____D C:\AdwCleaner
2015-06-19 23:47 - 2015-06-19 23:47 - 02231296 _____ C:\Users\ego87\Desktop\adwcleaner_4.206.exe
2015-06-19 23:39 - 2015-06-20 00:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-19 23:39 - 2015-06-19 23:39 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-19 23:39 - 2015-06-19 23:39 - 00001039 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-19 23:03 - 2015-06-19 23:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-17818843.txt
2015-06-19 22:35 - 2015-06-19 23:02 - 117305526 _____ C:\Users\ego87\Desktop\FS15_JohnDeere8430Pack.rar
2015-06-19 18:09 - 2015-06-19 18:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-154953.txt
2015-06-19 18:06 - 2015-06-19 18:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-105377703.txt
2015-06-19 17:51 - 2015-06-19 17:51 - 00000000 ____D C:\Users\ego87\Desktop\LS15 Texturpack
2015-06-19 14:08 - 2015-06-19 14:11 - 11796047 _____ C:\Users\ego87\Desktop\Annaburger_HTS.zip
2015-06-19 13:56 - 2015-06-19 13:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-90388171.txt
2015-06-19 13:56 - 2015-06-19 13:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-90387515.txt
2015-06-18 21:27 - 2015-06-18 21:27 - 06019269 _____ C:\Users\ego87\Desktop\LS15 Texturpack.rar
2015-06-18 12:54 - 2015-06-18 12:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-256718.txt
2015-06-18 08:25 - 2015-06-18 08:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-29602250.txt
2015-06-18 08:04 - 2015-06-18 08:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-28326718.txt
2015-06-18 08:04 - 2015-06-18 08:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-28323265.txt
2015-06-18 00:35 - 2015-06-18 00:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-1394531.txt
2015-06-18 00:35 - 2015-06-18 00:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-1391046.txt
2015-06-18 00:19 - 2015-06-18 00:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-460640.txt
2015-06-18 00:11 - 2015-06-18 00:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-178268812.txt
2015-06-18 00:10 - 2015-06-18 00:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-178247718.txt
2015-06-18 00:06 - 2015-06-18 00:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-177990031.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177759109.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177749093.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177738500.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177734734.txt
2015-06-17 19:15 - 2015-06-17 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-160542890.txt
2015-06-17 19:15 - 2015-06-17 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-160540187.txt
2015-06-16 20:31 - 2015-06-16 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-78702890.txt
2015-06-16 20:31 - 2015-06-16 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-78700765.txt
2015-06-15 22:45 - 2015-06-15 22:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-343453.txt
2015-06-15 22:39 - 2015-06-15 22:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-431635687.txt
2015-06-15 19:15 - 2015-06-15 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-419381406.txt
2015-06-15 19:15 - 2015-06-15 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-419379390.txt
2015-06-14 14:51 - 2015-06-14 14:54 - 349300920 _____ (GIANTS Software ) C:\Users\ego87\Desktop\FarmingSimulator2015Patch1.3DE.exe
2015-06-14 14:33 - 2015-06-14 14:33 - 00029094 _____ C:\Users\ego87\Desktop\MoneyModLS15.zip
2015-06-14 11:31 - 2015-06-15 22:32 - 00000000 ____D C:\Users\ego87\Desktop\LS 15 Mods
2015-06-14 11:07 - 2015-06-14 11:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-303732156.txt
2015-06-14 11:07 - 2015-06-14 11:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-303729437.txt
2015-06-13 13:57 - 2015-06-13 13:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-227539734.txt
2015-06-13 13:57 - 2015-06-13 13:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-227537609.txt
2015-06-12 23:27 - 2015-06-12 23:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-175322203.txt
2015-06-12 23:27 - 2015-06-12 23:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-175293156.txt
2015-06-12 14:55 - 2015-06-12 14:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-144627015.txt
2015-06-12 14:55 - 2015-06-12 14:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-144623546.txt
2015-06-11 13:13 - 2015-06-11 13:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-52082953.txt
2015-06-11 13:13 - 2015-06-11 13:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-52081046.txt
2015-06-10 22:46 - 2015-06-10 22:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-91046.txt
2015-06-10 22:44 - 2015-06-10 22:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-343707468.txt
2015-06-10 22:30 - 2015-06-10 22:30 - 00000608 _____ C:\Users\ego87\Downloads\ICGames LS15.txt
2015-06-10 19:47 - 2015-06-15 21:50 - 00000000 ____D C:\Users\ego87\AppData\Roaming\OBS
2015-06-10 19:47 - 2015-06-10 19:47 - 00000943 _____ C:\Users\ego87\Desktop\Open Broadcaster Software.lnk
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Program Files\OBS
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Program Files (x86)\OBS
2015-06-10 19:39 - 2015-06-10 19:39 - 07516302 _____ C:\Users\ego87\Downloads\OBS_0_64b_Installer.exe
2015-06-10 08:47 - 2015-06-10 08:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-293470015.txt
2015-06-10 08:47 - 2015-06-10 08:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-293467343.txt
2015-06-09 19:13 - 2015-06-09 19:13 - 18169520 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-06-09 15:01 - 2015-06-09 15:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-229543531.txt
2015-06-09 15:01 - 2015-06-09 15:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-229540265.txt
2015-06-08 13:47 - 2015-06-08 13:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-138648984.txt
2015-06-08 13:46 - 2015-06-08 13:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-138647187.txt
2015-06-07 11:16 - 2015-06-07 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-43215140.txt
2015-06-07 11:16 - 2015-06-07 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-43214750.txt
2015-06-06 23:17 - 2015-06-06 23:17 - 00000117 _____ C:\WINDOWS\system32\netcfg-92625.txt
2015-06-06 23:15 - 2015-06-06 23:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-174846359.txt
2015-06-06 20:33 - 2015-06-06 20:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-165115593.txt
2015-06-06 20:33 - 2015-06-06 20:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-165115218.txt
2015-06-05 13:30 - 2015-06-05 13:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-53366421.txt
2015-06-05 13:30 - 2015-06-05 13:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-53364515.txt
2015-06-04 22:42 - 2015-06-04 22:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-100234.txt
2015-06-04 22:40 - 2015-06-04 22:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-349069812.txt
2015-06-04 20:18 - 2015-06-04 20:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-340544265.txt
2015-06-04 20:18 - 2015-06-04 20:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-340541015.txt
2015-06-04 15:03 - 2015-06-04 15:03 - 00000641 _____ C:\Users\Public\Desktop\World of Warships.lnk
2015-06-04 15:03 - 2015-06-04 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-06-04 14:02 - 2015-06-04 14:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-317952109.txt
2015-06-04 14:01 - 2015-06-04 14:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-317949296.txt
2015-06-03 07:48 - 2015-06-03 07:48 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-03 07:13 - 2015-06-03 07:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-207036218.txt
2015-06-03 07:13 - 2015-06-03 07:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-207033187.txt
2015-06-02 17:29 - 2015-06-02 17:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-157618671.txt
2015-06-02 17:29 - 2015-06-02 17:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-157615484.txt
2015-06-01 09:50 - 2015-06-01 09:53 - 00000000 ____D C:\Users\ego87\Documents\ETS2MP
2015-06-01 09:39 - 2015-06-01 09:39 - 00000805 _____ C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-06-01 09:39 - 2015-06-01 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-06-01 09:32 - 2015-06-01 09:32 - 10153019 _____ C:\Users\ego87\Desktop\ets2mp_18000.zip
2015-06-01 08:38 - 2015-06-01 08:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-39378703.txt
2015-06-01 08:38 - 2015-06-01 08:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-39378515.txt
2015-05-31 21:44 - 2015-05-31 21:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-89125.txt
2015-05-31 21:42 - 2015-05-31 21:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-31125625.txt
2015-05-31 18:50 - 2015-05-31 18:50 - 00000209 _____ C:\Users\ego87\Desktop\Euro Truck Simulator 2.url
2015-05-31 13:05 - 2015-05-31 13:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-100218.txt
2015-05-31 13:02 - 2015-05-31 13:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-761140718.txt
2015-05-31 12:46 - 2015-05-31 12:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-760177437.txt
2015-05-31 12:46 - 2015-05-31 12:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-760174937.txt
2015-05-30 18:05 - 2015-05-30 18:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-692894046.txt
2015-05-30 17:56 - 2015-05-30 17:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-692370484.txt
2015-05-30 13:27 - 2015-05-30 13:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-676262109.txt
2015-05-30 13:27 - 2015-05-30 13:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-676261406.txt
2015-05-29 20:07 - 2015-05-29 20:16 - 348825232 _____ (GIANTS Software ) C:\Users\ego87\Downloads\FarmingSimulator2015Patch1.3DE_PublicBeta1.exe
2015-05-29 20:07 - 2015-05-29 20:15 - 348833040 _____ (GIANTS Software ) C:\Users\ego87\Downloads\FarmingSimulator2015Patch1.3DE_PublicBeta2.exe
2015-05-29 17:30 - 2015-05-29 17:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-604419500.txt
2015-05-29 17:30 - 2015-05-29 17:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-604416796.txt
2015-05-28 19:33 - 2015-05-28 19:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-525367218.txt
2015-05-28 19:32 - 2015-05-28 19:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-525365531.txt
2015-05-26 19:34 - 2015-05-26 19:34 - 00000117 _____ C:\WINDOWS\system32\netcfg-352690250.txt
2015-05-26 19:34 - 2015-05-26 19:34 - 00000117 _____ C:\WINDOWS\system32\netcfg-352688500.txt
2015-05-25 17:56 - 2015-05-25 17:56 - 00000000 ____D C:\Program Files\avast software
2015-05-25 17:52 - 2015-05-25 17:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-260133781.txt
2015-05-25 17:52 - 2015-05-25 17:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-260131468.txt
2015-05-23 17:01 - 2015-05-23 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-84311078.txt
2015-05-23 17:01 - 2015-05-23 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-84309859.txt
2015-05-22 17:38 - 2015-05-22 17:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-83281.txt
2015-05-22 17:35 - 2015-05-22 17:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-155324046.txt
2015-05-22 17:16 - 2015-05-22 17:29 - 1343648339 _____ C:\Users\ego87\Desktop\all_mods_download.zip
2015-05-22 16:18 - 2015-05-22 16:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-150658109.txt
2015-05-22 16:18 - 2015-05-22 16:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-150654828.txt
2015-05-21 22:14 - 2015-05-21 22:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-85630968.txt
2015-05-21 22:14 - 2015-05-21 22:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-85628843.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 10:21 - 2013-12-31 12:39 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382921263-2657641692-2300306991-1001
2015-06-20 10:16 - 2014-03-01 22:55 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-20 10:16 - 2014-01-13 21:28 - 00000000 ____D C:\Users\ego87\AppData\Local\CrashDumps
2015-06-20 10:16 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-20 01:13 - 2014-01-01 21:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-20 01:12 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-20 01:12 - 2012-07-26 09:19 - 00285616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-20 01:10 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-20 00:47 - 2014-03-01 22:55 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 00:30 - 2014-04-24 00:12 - 00000000 ____D C:\Users\ego87\AppData\Roaming\PhotoScape
2015-06-20 00:30 - 2014-01-01 21:32 - 00000000 ____D C:\Users\ego87\AppData\Roaming\TeamViewer
2015-06-20 00:29 - 2014-02-10 12:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-20 00:29 - 2012-08-02 18:04 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-20 00:25 - 2014-01-26 14:04 - 00000000 ____D C:\ProgramData\Ashampoo
2015-06-20 00:01 - 2014-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\ViUpdater
2015-06-18 08:25 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-18 08:24 - 2014-01-10 21:49 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Skype
2015-06-18 08:23 - 2014-01-10 21:49 - 00000000 ____D C:\ProgramData\Skype
2015-06-10 12:49 - 2013-12-31 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-10 12:48 - 2013-12-31 12:53 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-10 12:48 - 2013-12-31 12:53 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-10 09:48 - 2014-03-01 22:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 19:13 - 2014-01-01 21:10 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-04 15:03 - 2014-03-20 18:22 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-06-04 14:52 - 2014-04-05 19:55 - 00000000 ____D C:\Users\ego87\Documents\Euro Truck Simulator 2
2015-06-03 07:48 - 2014-03-01 22:55 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-01 09:22 - 2014-01-01 19:14 - 00000000 ____D C:\Users\ego87\AppData\Local\Thunderbird
2015-05-30 15:57 - 2013-11-12 19:51 - 00000000 ___RD C:\Users\ego87\Dropbox
2015-05-30 14:51 - 2014-01-01 19:35 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Dropbox
2015-05-29 20:21 - 2014-10-31 17:10 - 00000887 _____ C:\Users\ego87\Desktop\Landwirtschafts Simulator 15 .lnk
2015-05-29 20:21 - 2014-10-31 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015

==================== Files in the root of some directories =======

2015-04-21 00:38 - 2015-04-23 16:37 - 0000022 _____ () C:\Users\ego87\AppData\Roaming\Network Meter_Usage.ini
2014-08-09 16:38 - 2014-09-02 12:42 - 14155776 _____ () C:\Users\ego87\AppData\Roaming\Sandra.mdb
2015-04-20 23:53 - 2015-04-20 23:53 - 0000122 _____ () C:\Users\ego87\AppData\Roaming\System Monitor II_UptimeRecord.ini
2014-11-23 18:10 - 2014-11-23 18:10 - 0002070 _____ () C:\Users\ego87\AppData\Local\recently-used.xbel
2014-02-24 10:44 - 2014-02-24 10:44 - 0007597 _____ () C:\Users\ego87\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\ego87\IP_Log_Data.js
C:\Users\ego87\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\ego87\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-11 13:24

==================== End of log ============================
--- --- ---



Addition:

[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by ego87 at 2015-06-20 10:25:38
Running from C:\Users\ego87\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2382921263-2657641692-2300306991-500 - Administrator - Disabled) => C:\Users\Administrator
ego87 (S-1-5-21-2382921263-2657641692-2300306991-1001 - Administrator - Enabled) => C:\Users\ego87
Gast (S-1-5-21-2382921263-2657641692-2300306991-501 - Limited - Disabled)
Ramona (S-1-5-21-2382921263-2657641692-2300306991-1002 - Limited - Enabled) => C:\Users\Ramona

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{497CAF77-3B02-729F-FE66-DB31EA43DBD9}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts Inc.)
Dropbox (HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX420W Series (HKLM\...\EPSON SX420W Series) (Version:  - SEIKO EPSON Corporation)
DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.8 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.8 Alpha - ETS2MP Team)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Audio Converter version 5.0.35.304 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.)
Free MP4 Video Converter version 5.0.32.1230 (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
GIANTS Editor 6.0.1 64-bit (HKLM-x32\...\giants_editor_6.0.1_win64_is1) (Version: 6.0.1 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Network Connections 17.2.153.0 (HKLM\...\PROSetDX) (Version: 17.2.153.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software)
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
Landwirtschafts Simulator 2013 Hagensted Modified 2013 MoreRealistic (HKLM-x32\...\{F09E06EB-D878-4E4E-9190-84E3C4C1DC27}_is1) (Version: Landwirtschafts Simulator 2013 Hagensted Modified 4.1.5 MoreRealistic - Black Panther Group)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
NETGEAR WNA1000M Wireless USB 2.0 Adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SpinTires Tech Demo (June 060613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Thunder Launcher 1.0.1.335 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Win8Starter (HKLM\...\{F9383649-ED4F-47E5-0001-CB1F0FEBD122}) (Version: 1.0.13.122 - Engelmann Media GmbH)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warships (HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ego87\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File

==================== Restore Points =========================

29-05-2015 20:21:13 DirectX wurde installiert
19-06-2015 23:45:16 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {24F6525A-28FE-422C-8BD1-7C1A4491A26E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: {25D7F796-8BE6-47C8-8901-19F8133B18F2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2ACA2DA7-352C-4420-B580-62C8CE35C2C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {2C12DB22-0599-40EB-B971-37D3B7B64C22} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {4145606B-AE45-4C5D-ACBB-6C55CBBC3D07} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {63700C6F-EA33-4393-8289-B482449CE6A5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {724A97BD-8AE2-4541-9641-8DB4EA18DF87} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-24] ()
Task: {DFD2FF0E-8C2B-4285-B437-6C65D4D97FBA} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {E20FE088-2EF7-4DCF-A289-298408EC1F0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: {E4813DB8-8F9A-4576-972A-6DEC66CFA0B5} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {F01A31EE-F534-4121-8252-22B2821174B7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-12-19 10:59 - 2012-07-18 05:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ego87\Desktop\flooded_forest-wallpaper-1600x900.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{24DCEC29-CAA7-4793-82E3-9103276499A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{773A418C-2800-4F17-8A29-3907F089EA86}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{E1032005-E039-442D-806A-7133FC8B5089}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{6D040574-AB32-4F14-BC99-E513E02B1807}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{B9843703-EEDA-433B-A76B-F096B8A6E8F1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{8AC425E2-BE66-4EE7-AB1D-1018D07957E0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{34A15521-22EF-4664-8E34-46845876D9F9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{F1CFC65F-6F5C-42FA-BDCF-D540C6711EA5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{3668A70C-79D9-4C28-B06C-432E22B6AA50}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{9AF03109-7FB2-46E2-B2FF-BC08F3F875D2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{E4BEB5E2-640C-4191-8843-F8B2BAC1509A}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2B11F22C-D1B0-40BA-8AB2-1A240925BB45}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{9FB2FBC9-878C-47AF-9D8A-F705AB88B91A}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{C88B78CC-AF14-4EEC-B508-8694BB7640B5}] => (Allow) D:\Spiele\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DD128336-F341-4475-BC58-E82D95B98138}] => (Allow) D:\Spiele\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0F6CE006-3D9F-404A-8963-33F531B9EE7E}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{63C8FC18-FE5F-4052-922E-0FB67D774B95}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{1A0BFEB2-A214-402D-B0B4-F9FE003716B5}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{02B89406-1E09-4F6D-8590-20FFAB321C4A}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{D6A30E23-4D0B-4936-9933-85E12C12A65D}] => (Allow) D:\Spiele\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{3B1A39AF-9181-44A6-A17A-8C140C6BBD91}] => (Allow) D:\Spiele\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{43B71746-DBB2-474F-96ED-05F6DCEE913E}D:\programme ego\java\bin\javaw.exe] => (Allow) D:\programme ego\java\bin\javaw.exe
FirewallRules: [UDP Query User{4826BFCE-3BB4-404B-9C5B-44AE0D76BBE9}D:\programme ego\java\bin\javaw.exe] => (Allow) D:\programme ego\java\bin\javaw.exe
FirewallRules: [TCP Query User{FB26F286-72F6-4A8B-BB06-86127E6F5A2A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{86DE9813-2383-4DE2-BD70-DCFA1548BFB9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7F0CC6D0-14F2-4D8F-A72E-EC3A19D11115}] => (Allow) D:\Spiele\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{8738841A-AB8D-48BA-8E80-BCE1A6C71E08}] => (Allow) D:\Spiele\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{EF9A618F-F17F-49AA-A012-6E56210E6E04}] => (Allow) D:\Programme ego\Winamp\winamp.exe
FirewallRules: [{1A1D02CC-1927-44DD-A58C-0AA6423E0F31}] => (Allow) D:\Programme ego\Winamp\winamp.exe
FirewallRules: [{2702F52C-0E01-4BEB-B4DC-FC6EE9D5265D}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{EB146FC0-12CD-4B76-86FF-179500697686}] => (Allow) D:\Spiele\Steam\Steam.exe
FirewallRules: [{B11E6724-4BE9-48E1-A812-BDF99455D01E}] => (Allow) D:\Spiele\WarThunder\launcher.exe
FirewallRules: [{CB6CF2CB-F1A9-4688-B698-24F576F2F8D3}] => (Allow) D:\Spiele\WarThunder\launcher.exe
FirewallRules: [TCP Query User{676888B8-D5E6-446E-B622-1C110CF628B6}D:\spiele\warthunder\aces.exe] => (Allow) D:\spiele\warthunder\aces.exe
FirewallRules: [UDP Query User{DBD26711-CC8F-4216-9471-D5672D70D75A}D:\spiele\warthunder\aces.exe] => (Allow) D:\spiele\warthunder\aces.exe
FirewallRules: [TCP Query User{A32A3E17-2014-40B2-B364-3282487388E0}D:\spiele\wot\wotlauncher.exe] => (Allow) D:\spiele\wot\wotlauncher.exe
FirewallRules: [UDP Query User{31969596-878E-4790-A432-D671470CCF3A}D:\spiele\wot\wotlauncher.exe] => (Allow) D:\spiele\wot\wotlauncher.exe
FirewallRules: [TCP Query User{9A45D7FB-1310-45A0-8153-CAF21DC893DE}D:\spiele\wot\worldoftanks.exe] => (Allow) D:\spiele\wot\worldoftanks.exe
FirewallRules: [UDP Query User{1A9A98ED-ED19-484D-84EB-B21F8B5E89C4}D:\spiele\wot\worldoftanks.exe] => (Allow) D:\spiele\wot\worldoftanks.exe
FirewallRules: [{84580856-F010-4EE9-AC15-9D8B59A83666}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{B92E8EBC-66AB-444C-A4C6-A1B451023036}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{F6D9D361-67DE-4FB3-AE03-88E5A092C1E4}] => (Allow) D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe
FirewallRules: [{7DAA6B4C-E150-4DDC-8D5E-874A4020E86D}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{7AC3DD69-F626-4049-86A1-4470A78D7B55}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\x64\FarmingSimulator2013Game.exe
FirewallRules: [{C7B8B444-0D8B-4E65-AC5D-7A82E1AEAE65}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{C58DD975-965B-4102-91F3-49B105A782EA}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2013\x86\FarmingSimulator2013Game.exe
FirewallRules: [{7B5F88CE-774B-4A21-84D9-C5E1179D824E}] => (Allow) D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{14FA80F9-4F5E-4AF6-AA21-2CCDAB012035}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{DD439DE1-90C1-4D19-8067-4C6D1D3046A1}] => (Allow) D:\Spiele\Steam\bin\steamwebhelper.exe
FirewallRules: [{4EF0D693-F8D2-4825-B028-88E9BEE531AE}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{0744166F-32BB-4D89-A2C1-74A8E1A86F00}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{928AE0EB-8FB1-4AF3-A20A-CD7DAA693A95}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1951D8C0-02D2-497C-AD19-B6173B3CBE4E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{250A3A2B-C012-4CD5-B871-AA013C9F75B2}] => (Allow) C:\Users\ego87\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2668DD47-8C7E-42DF-90C8-560B29BDDBBE}] => (Allow) C:\Users\ego87\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DD7F8343-8F07-485B-976F-49AC58722DD6}] => (Allow) D:\Spiele\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [{7FF41358-22A4-4D1D-AB4A-243404BAEFD3}] => (Allow) D:\Spiele\Steam\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{180D7290-81AC-4398-B147-DEFA18C3B735}D:\spiele\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\spiele\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{053A6C61-44C8-4F62-9FD5-EADBC6E63259}D:\spiele\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\spiele\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{6D34F183-B590-4268-9404-270CB8F4D471}D:\programme ego\mozilla firefox\firefox.exe] => (Block) D:\programme ego\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{50EF7853-9003-4CBA-8564-F5E62C994A3B}D:\programme ego\mozilla firefox\firefox.exe] => (Block) D:\programme ego\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{2AD8AE3E-B6C7-4AB8-8E61-6CA6C54D6EDE}D:\spiele\wow\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\spiele\wow\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{85195875-23A3-4F8C-8737-8568F3E68A40}D:\spiele\wow\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\spiele\wow\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{D2AF7A7E-8AD7-4A58-8B4F-574B4D16BD25}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [UDP Query User{ECB1338C-1C89-4575-9AB0-0617C128E267}C:\program files\guillemot\tools\giwebupdater.exe] => (Allow) C:\program files\guillemot\tools\giwebupdater.exe
FirewallRules: [{4CA88D18-A2A9-4612-B420-6781156BDFE2}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{A69009C1-FEFD-49FE-AF57-857C081DC8A6}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{FB11779F-C67B-43E6-8271-C70DDF14B6AA}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{28B55606-5F2C-4677-8F84-D6A51435DD63}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{F7BA64B8-3877-4800-AC87-DDBF94B9CDD0}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{4FE89E47-E4F3-495C-917D-BA329491F102}] => (Allow) D:\Spiele\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{1E341E10-1ED9-4DC6-9E95-263FF8F69E99}] => (Allow) D:\Spiele\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{A8997A5C-61BF-43B6-BDAB-C8A1F6028DA7}] => (Allow) D:\Spiele\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{5C749FA3-BE2B-4862-8AEB-3ADE518106DB}] => (Allow) D:\Spiele\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{EF181CD7-0979-46EB-8120-31762FECCEB3}] => (Allow) D:\Spiele\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [TCP Query User{001BD9C3-76A4-4441-988D-F70D645AB0C9}D:\spiele\wows\wowslauncher.exe] => (Allow) D:\spiele\wows\wowslauncher.exe
FirewallRules: [UDP Query User{1099B1D5-EE1E-4F44-8A8B-0EE74C6A74C1}D:\spiele\wows\wowslauncher.exe] => (Allow) D:\spiele\wows\wowslauncher.exe
FirewallRules: [{171B8D8E-331C-49D4-84D7-76D1A8BCA7AC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3498039D-79D6-4ED8-8A21-C9C54B493AE7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{742EC3C3-388B-4D1B-BB59-A985103EC21A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{383EEDD2-4E3E-4A52-A646-7EBABC38C3CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DC9F757C-2ADA-40AD-890C-37DA7022DDC4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2015 10:16:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ac2f
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014b32
ID des fehlerhaften Prozesses: 0xf34
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.Systray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.Systray.exe5

Error: (06/20/2015 10:16:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
  bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
  bei System.Configuration.ConfigurationManager.get_AppSettings()
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.Systray.Program.Main(System.String[])

Error: (06/20/2015 01:14:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/20/2015 01:14:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/20/2015 01:14:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ac2f
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014b32
ID des fehlerhaften Prozesses: 0xe18
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.Systray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.Systray.exe5

Error: (06/20/2015 01:14:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
  bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
  bei System.Configuration.ConfigurationManager.get_AppSettings()
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.Systray.Program.Main(System.String[])

Error: (06/20/2015 01:12:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/19/2015 11:45:39 PM) (Source: VSS) (EventID: 12344) (User: )
Description: Volumeschattenkopie-Fehler: Bei der Selbstinitialisierung des Registrierungs-Generators ist der Fehler "0x00000000c000014d" aufgetreten.
Dies kann dazu führen, dass die Schattenkopie nicht erstellt werden kann. Prüfen Sie das Anwendungsereignisprotokoll auf diesbezügliche Fehler.


Vorgang:
  OnFreeze-Ereignis
  Freeze-Ereignis

Kontext:
  Ausführungskontext: Registry Writer
  Ausführungskontext: Writer
  Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
  Generatorname: Registry Writer
  Generatorinstanz-ID: {4032c010-05fa-4731-8048-939fa725475c}

Error: (06/19/2015 11:05:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/19/2015 11:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16384, Zeitstempel: 0x5010ac2f
Ausnahmecode: 0xe0434352
Fehleroffset: 0x00014b32
ID des fehlerhaften Prozesses: 0xfac
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.OE.Systray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.OE.Systray.exe5


System errors:
=============
Error: (06/20/2015 01:14:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/20/2015 01:14:20 AM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x50000000005fe. Der Name der Datei ist "\Users\ego87\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1".

Error: (06/20/2015 01:14:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2015 01:14:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2015 01:12:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\system32\Rtlihvs.dll
Fehlercode: 126

Error: (06/19/2015 11:47:37 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "Acer" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x30000000000261. Der Name der Datei ist "\Windows\Prefetch\AgCx_SC1.db.trx".

Error: (06/19/2015 11:08:03 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt.

Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x50000000005fe. Der Name der Datei ist "\Users\ego87\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1".

Error: (06/19/2015 11:07:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (06/19/2015 11:07:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (06/19/2015 11:05:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.


Microsoft Office:
=========================
Error: (06/20/2015 10:16:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.25.256175447ad92KERNELBASE.dll6.2.9200.163845010ac2fe043435200014b32f3401d0ab31717f36f8C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllb3853abe-1724-11e5-bfd6-7054d23b0844

Error: (06/20/2015 10:16:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
  bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
  bei System.Configuration.ConfigurationManager.get_AppSettings()
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.Systray.Program.Main(System.String[])

Error: (06/20/2015 01:14:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/20/2015 01:14:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/20/2015 01:14:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.25.256175447ad92KERNELBASE.dll6.2.9200.163845010ac2fe043435200014b32e1801d0aae5a7b611b8C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle69630c2-16d8-11e5-bfd6-7054d23b0844

Error: (06/20/2015 01:14:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
  bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
  bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
  bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
  bei System.Configuration.ConfigurationManager.get_AppSettings()
  bei Avira.OE.WinCore.OeProductInfo.get_Culture()
  bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
  bei Avira.OE.Systray.Program.Main(System.String[])

Error: (06/20/2015 01:12:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/19/2015 11:45:39 PM) (Source: VSS) (EventID: 12344) (User: )
Description: 0x00000000c000014d

Vorgang:
  OnFreeze-Ereignis
  Freeze-Ereignis

Kontext:
  Ausführungskontext: Registry Writer
  Ausführungskontext: Writer
  Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
  Generatorname: Registry Writer
  Generatorinstanz-ID: {4032c010-05fa-4731-8048-939fa725475c}

Error: (06/19/2015 11:05:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
  bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
  bei NLog.LogFactory.get_Configuration()
  bei NLog.LogFactory.GetLogger(LoggerCacheKey)
  bei NLog.LogFactory.GetLogger(System.String)
  bei NLog.LogManager.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
  bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
  bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
  bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
  bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
  bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
  bei System.Threading.ThreadPoolWorkQueue.Dispatch()
  bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/19/2015 11:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.25.256175447ad92KERNELBASE.dll6.2.9200.163845010ac2fe043435200014b32fac01d0aad3ac3f3876C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllf1c81cc3-16c6-11e5-bfd5-7054d23b0844


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 18%
Total physical RAM: 8128.95 MB
Available physical RAM: 6626.02 MB
Total Pagefile: 9792.95 MB
Available Pagefile: 8145.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:452.75 GB) (Free:284.07 GB) NTFS
Drive d: (DATA) (Fixed) (Total:453.61 GB) (Free:315.5 GB) NTFS
Drive j: (Landwirtschafts-Simulator 2015) (CDROM) (Total:1.87 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 638F6914)

Partition: GPT Partition Type.

==================== End of log ============================
--- --- ---

schrauber 21.06.2015 07:43
hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

ego87 21.06.2015 12:59
So ich hoffe alles ist richtig bis jetz




Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.06.2015
Suchlauf-Zeit: 13:20:56
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.21.01
Rootkit Datenbank: v2015.06.15.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: ego87

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 434578
Verstrichene Zeit: 12 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.OpenCandy, C:\Users\ego87\Downloads\PhotoScape_V3.6.5.exe, In Quarantäne, [8bca8439c8c28fa7984972feff07649c],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)


Code:
# AdwCleaner v4.206 - Bericht erstellt 21/06/2015 um 13:43:04
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-17.1 [Server]
# Betriebssystem : Windows 8  (x64)
# Benutzername : ego87 - EGO
# Gestarted von : C:\Users\ego87\Desktop\adwcleaner_4.206.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.16384


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [972 Bytes] - [19/06/2015 23:48:20]
AdwCleaner[R1].txt - [1030 Bytes] - [19/06/2015 23:50:16]
AdwCleaner[R2].txt - [986 Bytes] - [21/06/2015 00:10:53]
AdwCleaner[R3].txt - [1044 Bytes] - [21/06/2015 13:42:07]
AdwCleaner[S0].txt - [920 Bytes] - [21/06/2015 13:43:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [978  Bytes] ##########




Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.3 (06.19.2015:1)
OS: Windows 8 x64
Ran by ego87 on 21.06.2015 at 13:53:43,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\ego87\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\ego87\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\ego87\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\ego87\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.06.2015 at 13:55:39,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ego87 (administrator) on EGO on 21-06-2015 13:56:14
Running from C:\Users\ego87\Desktop
Loaded Profiles: ego87 (Available Profiles: ego87 & Ramona & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avguard.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Mozilla Corporation) D:\Programme ego\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => D:\Programme ego\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\MountPoints2: {f694f407-49b6-11e2-be68-806e6f6e6963} - "J:\autorun.exe"
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShowDesktop.scf [2012-06-28] ()
Startup: C:\Users\ego87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar233.lnk [2015-06-21]
ShortcutTarget: Sidebar233.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001 -> {6788F288-5C20-4502-A9BE-D4C344039A91} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9AA29D7F-D637-4AAE-92F8-8AC37C4FD770}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\ego87\AppData\Roaming\Mozilla\Firefox\Profiles\pk6g1a7x.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme ego\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> D:\Programme ego\Java\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> D:\Programme ego\Java\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Extension: Adblock Plus - C:\Users\ego87\AppData\Roaming\Mozilla\Firefox\Profiles\pk6g1a7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-11]
CHR Extension: (Avira Browser Safety) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (Avast Online Security) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; D:\Programme ego\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Programme ego\Avira\AntiVir Desktop\sched.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme ego\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme ego\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-10] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1910128 2015-02-04] (Electronic Arts)
S3 SandraAgentSrv; D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\system32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                          )
S3 SANDRA; D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [129264 2014-06-20] (© Guillemot R&D, 2014. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 13:55 - 2015-06-21 13:55 - 00001045 _____ C:\Users\ego87\Desktop\JRT.txt
2015-06-21 13:53 - 2015-06-21 13:53 - 02950750 _____ (Thisisu) C:\Users\ego87\Desktop\JRT.exe
2015-06-21 13:53 - 2015-06-21 13:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-EGO-Windows-8-(64-bit).dat
2015-06-21 13:53 - 2015-06-21 13:53 - 00000000 ____D C:\RegBackup
2015-06-21 13:45 - 2015-06-21 13:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-91609.txt
2015-06-21 13:43 - 2015-06-21 13:43 - 00000117 _____ C:\WINDOWS\system32\netcfg-431921.txt
2015-06-21 13:41 - 2015-06-21 13:41 - 00001281 _____ C:\Users\ego87\Desktop\mbam.txt
2015-06-21 13:37 - 2015-06-21 13:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-91281.txt
2015-06-21 13:36 - 2015-06-21 13:43 - 00000964 _____ C:\WINDOWS\PFRO.log
2015-06-21 13:35 - 2015-06-21 13:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-131007468.txt
2015-06-21 13:20 - 2015-06-21 13:45 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-21 13:20 - 2015-06-21 13:20 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-21 13:20 - 2015-06-21 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-21 13:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-21 13:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-21 13:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-21 13:19 - 2015-06-21 13:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-21 13:19 - 2015-06-21 13:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-21 13:18 - 2015-06-21 13:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ego87\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-21 13:11 - 2015-06-21 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-129597734.txt
2015-06-21 13:11 - 2015-06-21 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-129594390.txt
2015-06-20 19:50 - 2015-06-20 19:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-67117515.txt
2015-06-20 19:50 - 2015-06-20 19:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-67114703.txt
2015-06-20 10:35 - 2015-06-20 10:39 - 13188965 _____ C:\Users\ego87\Desktop\Claas_Rollant_250.zip
2015-06-20 10:25 - 2015-06-21 13:56 - 00013126 _____ C:\Users\ego87\Desktop\FRST.txt
2015-06-20 10:25 - 2015-06-20 10:25 - 00055269 _____ C:\Users\ego87\Desktop\Addition.txt
2015-06-20 10:24 - 2015-06-21 13:56 - 00000000 ____D C:\FRST
2015-06-20 10:24 - 2015-06-20 10:24 - 02109952 _____ (Farbar) C:\Users\ego87\Desktop\FRST64.exe
2015-06-20 10:16 - 2015-06-20 10:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-32675937.txt
2015-06-20 10:16 - 2015-06-20 10:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-32673671.txt
2015-06-20 01:14 - 2015-06-20 01:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-140375.txt
2015-06-20 01:13 - 2015-06-20 01:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-73015.txt
2015-06-20 01:10 - 2015-06-20 01:10 - 00001095 _____ C:\WINDOWS\system32\netcfg-7550546.txt
2015-06-20 01:07 - 2015-06-20 01:07 - 00001095 _____ C:\WINDOWS\system32\netcfg-7374312.txt
2015-06-20 01:06 - 2015-06-20 01:06 - 00001095 _____ C:\WINDOWS\system32\netcfg-7336031.txt
2015-06-20 00:27 - 2015-06-20 00:27 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-06-20 00:27 - 2015-06-20 00:27 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-20 00:27 - 2015-06-20 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-20 00:27 - 2015-06-20 00:27 - 00000000 ____D C:\Program Files\CCleaner
2015-06-20 00:26 - 2015-06-20 00:26 - 00000173 _____ C:\WINDOWS\system32\netcfg-4941046.txt
2015-06-20 00:26 - 2015-06-20 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-4944859.txt
2015-06-20 00:26 - 2015-06-20 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-4944750.txt
2015-06-20 00:18 - 2015-06-20 00:19 - 00001095 _____ C:\WINDOWS\system32\netcfg-4472921.txt
2015-06-20 00:15 - 2015-06-20 00:15 - 00001095 _____ C:\WINDOWS\system32\netcfg-4284937.txt
2015-06-20 00:14 - 2015-06-20 00:15 - 00001095 _____ C:\WINDOWS\system32\netcfg-4222218.txt
2015-06-19 23:55 - 2015-06-19 23:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-3048406.txt
2015-06-19 23:54 - 2015-06-20 00:26 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-06-19 23:54 - 2015-06-19 23:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-3045093.txt
2015-06-19 23:54 - 2015-06-19 23:54 - 00000171 _____ C:\WINDOWS\system32\netcfg-3025453.txt
2015-06-19 23:54 - 2015-06-19 23:54 - 00000000 ____D C:\Program Files (x86)\iS3
2015-06-19 23:48 - 2015-06-21 13:43 - 00000000 ____D C:\AdwCleaner
2015-06-19 23:47 - 2015-06-19 23:47 - 02231296 _____ C:\Users\ego87\Desktop\adwcleaner_4.206.exe
2015-06-19 23:39 - 2015-06-20 00:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-19 23:39 - 2015-06-19 23:39 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-19 23:39 - 2015-06-19 23:39 - 00001039 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-19 23:03 - 2015-06-19 23:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-17818843.txt
2015-06-19 22:35 - 2015-06-19 23:02 - 117305526 _____ C:\Users\ego87\Desktop\FS15_JohnDeere8430Pack.rar
2015-06-19 18:09 - 2015-06-19 18:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-154953.txt
2015-06-19 18:06 - 2015-06-19 18:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-105377703.txt
2015-06-19 17:51 - 2015-06-19 17:51 - 00000000 ____D C:\Users\ego87\Desktop\LS15 Texturpack
2015-06-19 14:08 - 2015-06-19 14:11 - 11796047 _____ C:\Users\ego87\Desktop\Annaburger_HTS.zip
2015-06-19 13:56 - 2015-06-19 13:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-90388171.txt
2015-06-19 13:56 - 2015-06-19 13:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-90387515.txt
2015-06-18 21:27 - 2015-06-18 21:27 - 06019269 _____ C:\Users\ego87\Desktop\LS15 Texturpack.rar
2015-06-18 12:54 - 2015-06-18 12:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-256718.txt
2015-06-18 08:25 - 2015-06-18 08:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-29602250.txt
2015-06-18 08:04 - 2015-06-18 08:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-28326718.txt
2015-06-18 08:04 - 2015-06-18 08:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-28323265.txt
2015-06-18 00:35 - 2015-06-18 00:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-1394531.txt
2015-06-18 00:35 - 2015-06-18 00:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-1391046.txt
2015-06-18 00:19 - 2015-06-18 00:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-460640.txt
2015-06-18 00:11 - 2015-06-18 00:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-178268812.txt
2015-06-18 00:10 - 2015-06-18 00:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-178247718.txt
2015-06-18 00:06 - 2015-06-18 00:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-177990031.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177759109.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177749093.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177738500.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177734734.txt
2015-06-17 19:15 - 2015-06-17 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-160542890.txt
2015-06-17 19:15 - 2015-06-17 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-160540187.txt
2015-06-16 20:31 - 2015-06-16 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-78702890.txt
2015-06-16 20:31 - 2015-06-16 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-78700765.txt
2015-06-15 22:45 - 2015-06-15 22:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-343453.txt
2015-06-15 22:39 - 2015-06-15 22:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-431635687.txt
2015-06-15 19:15 - 2015-06-15 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-419381406.txt
2015-06-15 19:15 - 2015-06-15 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-419379390.txt
2015-06-14 14:51 - 2015-06-14 14:54 - 349300920 _____ (GIANTS Software ) C:\Users\ego87\Desktop\FarmingSimulator2015Patch1.3DE.exe
2015-06-14 14:33 - 2015-06-14 14:33 - 00029094 _____ C:\Users\ego87\Desktop\MoneyModLS15.zip
2015-06-14 11:31 - 2015-06-15 22:32 - 00000000 ____D C:\Users\ego87\Desktop\LS 15 Mods
2015-06-14 11:07 - 2015-06-14 11:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-303732156.txt
2015-06-14 11:07 - 2015-06-14 11:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-303729437.txt
2015-06-13 13:57 - 2015-06-13 13:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-227539734.txt
2015-06-13 13:57 - 2015-06-13 13:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-227537609.txt
2015-06-12 23:27 - 2015-06-12 23:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-175322203.txt
2015-06-12 23:27 - 2015-06-12 23:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-175293156.txt
2015-06-12 14:55 - 2015-06-12 14:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-144627015.txt
2015-06-12 14:55 - 2015-06-12 14:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-144623546.txt
2015-06-11 13:13 - 2015-06-11 13:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-52082953.txt
2015-06-11 13:13 - 2015-06-11 13:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-52081046.txt
2015-06-10 22:46 - 2015-06-10 22:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-91046.txt
2015-06-10 22:44 - 2015-06-10 22:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-343707468.txt
2015-06-10 22:30 - 2015-06-10 22:30 - 00000608 _____ C:\Users\ego87\Downloads\ICGames LS15.txt
2015-06-10 19:47 - 2015-06-15 21:50 - 00000000 ____D C:\Users\ego87\AppData\Roaming\OBS
2015-06-10 19:47 - 2015-06-10 19:47 - 00000943 _____ C:\Users\ego87\Desktop\Open Broadcaster Software.lnk
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Program Files\OBS
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Program Files (x86)\OBS
2015-06-10 19:39 - 2015-06-10 19:39 - 07516302 _____ C:\Users\ego87\Downloads\OBS_0_64b_Installer.exe
2015-06-10 08:47 - 2015-06-10 08:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-293470015.txt
2015-06-10 08:47 - 2015-06-10 08:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-293467343.txt
2015-06-09 19:13 - 2015-06-09 19:13 - 18169520 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-06-09 15:01 - 2015-06-09 15:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-229543531.txt
2015-06-09 15:01 - 2015-06-09 15:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-229540265.txt
2015-06-08 13:47 - 2015-06-08 13:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-138648984.txt
2015-06-08 13:46 - 2015-06-08 13:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-138647187.txt
2015-06-07 11:16 - 2015-06-07 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-43215140.txt
2015-06-07 11:16 - 2015-06-07 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-43214750.txt
2015-06-06 23:17 - 2015-06-06 23:17 - 00000117 _____ C:\WINDOWS\system32\netcfg-92625.txt
2015-06-06 23:15 - 2015-06-06 23:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-174846359.txt
2015-06-06 20:33 - 2015-06-06 20:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-165115593.txt
2015-06-06 20:33 - 2015-06-06 20:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-165115218.txt
2015-06-05 13:30 - 2015-06-05 13:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-53366421.txt
2015-06-05 13:30 - 2015-06-05 13:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-53364515.txt
2015-06-04 22:42 - 2015-06-04 22:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-100234.txt
2015-06-04 22:40 - 2015-06-04 22:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-349069812.txt
2015-06-04 20:18 - 2015-06-04 20:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-340544265.txt
2015-06-04 20:18 - 2015-06-04 20:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-340541015.txt
2015-06-04 15:03 - 2015-06-04 15:03 - 00000641 _____ C:\Users\Public\Desktop\World of Warships.lnk
2015-06-04 15:03 - 2015-06-04 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-06-04 14:02 - 2015-06-04 14:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-317952109.txt
2015-06-04 14:01 - 2015-06-04 14:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-317949296.txt
2015-06-03 07:48 - 2015-06-03 07:48 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-03 07:13 - 2015-06-03 07:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-207036218.txt
2015-06-03 07:13 - 2015-06-03 07:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-207033187.txt
2015-06-02 17:29 - 2015-06-02 17:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-157618671.txt
2015-06-02 17:29 - 2015-06-02 17:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-157615484.txt
2015-06-01 09:50 - 2015-06-01 09:53 - 00000000 ____D C:\Users\ego87\Documents\ETS2MP
2015-06-01 09:39 - 2015-06-01 09:39 - 00000805 _____ C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-06-01 09:39 - 2015-06-01 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-06-01 09:32 - 2015-06-01 09:32 - 10153019 _____ C:\Users\ego87\Desktop\ets2mp_18000.zip
2015-06-01 08:38 - 2015-06-01 08:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-39378703.txt
2015-06-01 08:38 - 2015-06-01 08:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-39378515.txt
2015-05-31 21:44 - 2015-05-31 21:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-89125.txt
2015-05-31 21:42 - 2015-05-31 21:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-31125625.txt
2015-05-31 18:50 - 2015-05-31 18:50 - 00000209 _____ C:\Users\ego87\Desktop\Euro Truck Simulator 2.url
2015-05-31 13:05 - 2015-05-31 13:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-100218.txt
2015-05-31 13:02 - 2015-05-31 13:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-761140718.txt
2015-05-31 12:46 - 2015-05-31 12:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-760177437.txt
2015-05-31 12:46 - 2015-05-31 12:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-760174937.txt
2015-05-30 18:05 - 2015-05-30 18:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-692894046.txt
2015-05-30 17:56 - 2015-05-30 17:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-692370484.txt
2015-05-30 13:27 - 2015-05-30 13:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-676262109.txt
2015-05-30 13:27 - 2015-05-30 13:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-676261406.txt
2015-05-29 20:07 - 2015-05-29 20:16 - 348825232 _____ (GIANTS Software ) C:\Users\ego87\Downloads\FarmingSimulator2015Patch1.3DE_PublicBeta1.exe
2015-05-29 20:07 - 2015-05-29 20:15 - 348833040 _____ (GIANTS Software ) C:\Users\ego87\Downloads\FarmingSimulator2015Patch1.3DE_PublicBeta2.exe
2015-05-29 17:30 - 2015-05-29 17:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-604419500.txt
2015-05-29 17:30 - 2015-05-29 17:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-604416796.txt
2015-05-28 19:33 - 2015-05-28 19:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-525367218.txt
2015-05-28 19:32 - 2015-05-28 19:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-525365531.txt
2015-05-26 19:34 - 2015-05-26 19:34 - 00000117 _____ C:\WINDOWS\system32\netcfg-352690250.txt
2015-05-26 19:34 - 2015-05-26 19:34 - 00000117 _____ C:\WINDOWS\system32\netcfg-352688500.txt
2015-05-25 17:56 - 2015-05-25 17:56 - 00000000 ____D C:\Program Files\avast software
2015-05-25 17:52 - 2015-05-25 17:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-260133781.txt
2015-05-25 17:52 - 2015-05-25 17:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-260131468.txt
2015-05-23 17:01 - 2015-05-23 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-84311078.txt
2015-05-23 17:01 - 2015-05-23 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-84309859.txt
2015-05-22 17:38 - 2015-05-22 17:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-83281.txt
2015-05-22 17:35 - 2015-05-22 17:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-155324046.txt
2015-05-22 17:16 - 2015-05-22 17:29 - 1343648339 _____ C:\Users\ego87\Desktop\all_mods_download.zip
2015-05-22 16:18 - 2015-05-22 16:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-150658109.txt
2015-05-22 16:18 - 2015-05-22 16:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-150654828.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-21 13:51 - 2014-01-13 21:28 - 00000000 ____D C:\Users\ego87\AppData\Local\CrashDumps
2015-06-21 13:47 - 2014-03-01 22:55 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-21 13:44 - 2014-03-01 22:55 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-21 13:44 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-21 13:36 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-21 13:13 - 2014-01-01 21:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-21 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-20 14:17 - 2013-12-31 12:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382921263-2657641692-2300306991-1001
2015-06-20 01:12 - 2012-07-26 09:19 - 00285616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-20 01:10 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-20 00:30 - 2014-04-24 00:12 - 00000000 ____D C:\Users\ego87\AppData\Roaming\PhotoScape
2015-06-20 00:30 - 2014-01-01 21:32 - 00000000 ____D C:\Users\ego87\AppData\Roaming\TeamViewer
2015-06-20 00:29 - 2014-02-10 12:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-20 00:29 - 2012-08-02 18:04 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-20 00:25 - 2014-01-26 14:04 - 00000000 ____D C:\ProgramData\Ashampoo
2015-06-20 00:01 - 2014-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\ViUpdater
2015-06-18 08:25 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-18 08:24 - 2014-01-10 21:49 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Skype
2015-06-18 08:23 - 2014-01-10 21:49 - 00000000 ____D C:\ProgramData\Skype
2015-06-10 12:49 - 2013-12-31 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-10 12:48 - 2013-12-31 12:53 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-10 12:48 - 2013-12-31 12:53 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-10 09:48 - 2014-03-01 22:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 19:13 - 2014-01-01 21:10 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-04 15:03 - 2014-03-20 18:22 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-06-04 14:52 - 2014-04-05 19:55 - 00000000 ____D C:\Users\ego87\Documents\Euro Truck Simulator 2
2015-06-03 07:48 - 2014-03-01 22:55 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-01 09:22 - 2014-01-01 19:14 - 00000000 ____D C:\Users\ego87\AppData\Local\Thunderbird
2015-05-30 15:57 - 2013-11-12 19:51 - 00000000 ___RD C:\Users\ego87\Dropbox
2015-05-30 14:51 - 2014-01-01 19:35 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Dropbox
2015-05-29 20:21 - 2014-10-31 17:10 - 00000887 _____ C:\Users\ego87\Desktop\Landwirtschafts Simulator 15 .lnk
2015-05-29 20:21 - 2014-10-31 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015

==================== Files in the root of some directories =======

2015-04-21 00:38 - 2015-04-23 16:37 - 0000022 _____ () C:\Users\ego87\AppData\Roaming\Network Meter_Usage.ini
2014-08-09 16:38 - 2014-09-02 12:42 - 14155776 _____ () C:\Users\ego87\AppData\Roaming\Sandra.mdb
2015-04-20 23:53 - 2015-04-20 23:53 - 0000122 _____ () C:\Users\ego87\AppData\Roaming\System Monitor II_UptimeRecord.ini
2014-11-23 18:10 - 2014-11-23 18:10 - 0002070 _____ () C:\Users\ego87\AppData\Local\recently-used.xbel
2014-02-24 10:44 - 2014-02-24 10:44 - 0007597 _____ () C:\Users\ego87\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\ego87\IP_Log_Data.js
C:\Users\ego87\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\ego87\AppData\Local\Temp\avgnt.exe
C:\Users\ego87\AppData\Local\Temp\Quarantine.exe
C:\Users\ego87\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-11 13:24

==================== End of log ============================

schrauber 22.06.2015 06:37

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

ego87 22.06.2015 21:09
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9fd53c823f6e3e45b37f69cb32be5adf
# end=init
# utc_time=2015-06-22 05:30:08
# local_time=2015-06-22 07:30:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24446
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9fd53c823f6e3e45b37f69cb32be5adf
# end=updated
# utc_time=2015-06-22 05:34:32
# local_time=2015-06-22 07:34:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9fd53c823f6e3e45b37f69cb32be5adf
# engine=24446
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-22 08:00:38
# local_time=2015-06-22 10:00:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 79609257 94509349 0 0
# scanned=401340
# found=0
# cleaned=0
# scan_time=8765


Code:
Results of screen317's Security Check version 1.002 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus   
Windows Defender 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Java version 32-bit out of Date!
 Adobe Flash Player        17.0.0.188 
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ego87 (administrator) on EGO on 22-06-2015 22:05:19
Running from C:\Users\ego87\Desktop
Loaded Profiles: ego87 (Available Profiles: ego87 & Ramona & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Thrustmaster®) C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) D:\Programme ego\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) D:\Programme ego\Mozilla Firefox\firefox.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(TeamSpeak Systems GmbH) D:\Programme ego\Teamspeak 3\ts3client_win64.exe
(Mozilla Corporation) D:\Programme ego\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Engelmann Media) D:\Programme ego\Win8Starter\Win8Starter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => D:\Programme ego\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\...\MountPoints2: {f694f407-49b6-11e2-be68-806e6f6e6963} - "J:\autorun.exe"
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShowDesktop.scf [2012-06-28] ()
Startup: C:\Users\ego87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar36.lnk [2015-06-22]
ShortcutTarget: Sidebar36.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ego87\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2382921263-2657641692-2300306991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2382921263-2657641692-2300306991-1001 -> {6788F288-5C20-4502-A9BE-D4C344039A91} URL =
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9AA29D7F-D637-4AAE-92F8-8AC37C4FD770}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\ego87\AppData\Roaming\Mozilla\Firefox\Profiles\pk6g1a7x.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme ego\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> D:\Programme ego\Java\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> D:\Programme ego\Java\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Extension: Adblock Plus - C:\Users\ego87\AppData\Roaming\Mozilla\Firefox\Profiles\pk6g1a7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-11]
CHR Extension: (Avira Browser Safety) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (Avast Online Security) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\ego87\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; D:\Programme ego\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Programme ego\Avira\AntiVir Desktop\sched.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme ego\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programme ego\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-10] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S3 Origin Client Service; D:\Spiele\Origin\OriginClientService.exe [1910128 2015-02-04] (Electronic Arts)
S3 SandraAgentSrv; D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R2 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-12] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\system32\DRIVERS\WNA1000M.sys [855144 2011-01-31] (Realtek Semiconductor Corporation                          )
S3 SANDRA; D:\Programme ego\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [129264 2014-06-20] (© Guillemot R&D, 2014. All rights reserved.)
S3 tmhidusb; C:\Windows\system32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 22:03 - 2015-06-22 22:03 - 00852639 _____ C:\Users\ego87\Desktop\SecurityCheck.exe
2015-06-22 20:32 - 2015-06-22 20:42 - 00002921 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-22 19:14 - 2015-06-22 19:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-96156.txt
2015-06-22 09:54 - 2015-06-22 09:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-72661640.txt
2015-06-22 09:51 - 2015-06-22 09:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-72438281.txt
2015-06-22 09:51 - 2015-06-22 09:51 - 00000117 _____ C:\WINDOWS\system32\netcfg-72434390.txt
2015-06-21 19:07 - 2015-06-21 19:07 - 00000206 _____ C:\Users\ego87\Desktop\Counter-Strike Global Offensive.url
2015-06-21 13:55 - 2015-06-21 13:55 - 00001045 _____ C:\Users\ego87\Desktop\JRT.txt
2015-06-21 13:53 - 2015-06-21 13:53 - 02950750 _____ (Thisisu) C:\Users\ego87\Desktop\JRT.exe
2015-06-21 13:53 - 2015-06-21 13:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-EGO-Windows-8-(64-bit).dat
2015-06-21 13:53 - 2015-06-21 13:53 - 00000000 ____D C:\RegBackup
2015-06-21 13:45 - 2015-06-21 13:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-91609.txt
2015-06-21 13:43 - 2015-06-21 13:43 - 00000117 _____ C:\WINDOWS\system32\netcfg-431921.txt
2015-06-21 13:41 - 2015-06-21 13:41 - 00001281 _____ C:\Users\ego87\Desktop\mbam.txt
2015-06-21 13:37 - 2015-06-21 13:37 - 00000117 _____ C:\WINDOWS\system32\netcfg-91281.txt
2015-06-21 13:35 - 2015-06-21 13:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-131007468.txt
2015-06-21 13:20 - 2015-06-22 20:03 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-21 13:20 - 2015-06-21 13:20 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-21 13:20 - 2015-06-21 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-21 13:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-21 13:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-21 13:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-21 13:19 - 2015-06-21 13:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-21 13:19 - 2015-06-21 13:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-21 13:18 - 2015-06-21 13:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ego87\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-21 13:11 - 2015-06-21 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-129597734.txt
2015-06-21 13:11 - 2015-06-21 13:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-129594390.txt
2015-06-20 19:50 - 2015-06-20 19:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-67117515.txt
2015-06-20 19:50 - 2015-06-20 19:50 - 00000117 _____ C:\WINDOWS\system32\netcfg-67114703.txt
2015-06-20 10:35 - 2015-06-20 10:39 - 13188965 _____ C:\Users\ego87\Desktop\Claas_Rollant_250.zip
2015-06-20 10:25 - 2015-06-22 22:05 - 00015224 _____ C:\Users\ego87\Desktop\FRST.txt
2015-06-20 10:25 - 2015-06-20 10:25 - 00055269 _____ C:\Users\ego87\Desktop\Addition.txt
2015-06-20 10:24 - 2015-06-22 22:05 - 00000000 ____D C:\FRST
2015-06-20 10:24 - 2015-06-20 10:24 - 02109952 _____ (Farbar) C:\Users\ego87\Desktop\FRST64.exe
2015-06-20 10:16 - 2015-06-20 10:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-32675937.txt
2015-06-20 10:16 - 2015-06-20 10:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-32673671.txt
2015-06-20 01:14 - 2015-06-20 01:14 - 00000117 _____ C:\WINDOWS\system32\netcfg-140375.txt
2015-06-20 01:13 - 2015-06-20 01:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-73015.txt
2015-06-20 01:10 - 2015-06-20 01:10 - 00001095 _____ C:\WINDOWS\system32\netcfg-7550546.txt
2015-06-20 01:07 - 2015-06-20 01:07 - 00001095 _____ C:\WINDOWS\system32\netcfg-7374312.txt
2015-06-20 01:06 - 2015-06-20 01:06 - 00001095 _____ C:\WINDOWS\system32\netcfg-7336031.txt
2015-06-20 00:27 - 2015-06-20 00:27 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-06-20 00:27 - 2015-06-20 00:27 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-20 00:27 - 2015-06-20 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-20 00:27 - 2015-06-20 00:27 - 00000000 ____D C:\Program Files\CCleaner
2015-06-20 00:26 - 2015-06-20 00:26 - 00000173 _____ C:\WINDOWS\system32\netcfg-4941046.txt
2015-06-20 00:26 - 2015-06-20 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-4944859.txt
2015-06-20 00:26 - 2015-06-20 00:26 - 00000117 _____ C:\WINDOWS\system32\netcfg-4944750.txt
2015-06-20 00:18 - 2015-06-20 00:19 - 00001095 _____ C:\WINDOWS\system32\netcfg-4472921.txt
2015-06-20 00:15 - 2015-06-20 00:15 - 00001095 _____ C:\WINDOWS\system32\netcfg-4284937.txt
2015-06-20 00:14 - 2015-06-20 00:15 - 00001095 _____ C:\WINDOWS\system32\netcfg-4222218.txt
2015-06-19 23:55 - 2015-06-19 23:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-3048406.txt
2015-06-19 23:54 - 2015-06-20 00:26 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-06-19 23:54 - 2015-06-19 23:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-3045093.txt
2015-06-19 23:54 - 2015-06-19 23:54 - 00000171 _____ C:\WINDOWS\system32\netcfg-3025453.txt
2015-06-19 23:54 - 2015-06-19 23:54 - 00000000 ____D C:\Program Files (x86)\iS3
2015-06-19 23:48 - 2015-06-21 13:43 - 00000000 ____D C:\AdwCleaner
2015-06-19 23:47 - 2015-06-19 23:47 - 02231296 _____ C:\Users\ego87\Desktop\adwcleaner_4.206.exe
2015-06-19 23:39 - 2015-06-20 00:33 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-19 23:39 - 2015-06-19 23:39 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-19 23:39 - 2015-06-19 23:39 - 00001039 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-19 23:03 - 2015-06-19 23:03 - 00000117 _____ C:\WINDOWS\system32\netcfg-17818843.txt
2015-06-19 22:35 - 2015-06-19 23:02 - 117305526 _____ C:\Users\ego87\Desktop\FS15_JohnDeere8430Pack.rar
2015-06-19 18:09 - 2015-06-19 18:09 - 00000117 _____ C:\WINDOWS\system32\netcfg-154953.txt
2015-06-19 18:06 - 2015-06-19 18:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-105377703.txt
2015-06-19 17:51 - 2015-06-19 17:51 - 00000000 ____D C:\Users\ego87\Desktop\LS15 Texturpack
2015-06-19 14:08 - 2015-06-19 14:11 - 11796047 _____ C:\Users\ego87\Desktop\Annaburger_HTS.zip
2015-06-19 13:56 - 2015-06-19 13:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-90388171.txt
2015-06-19 13:56 - 2015-06-19 13:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-90387515.txt
2015-06-18 21:27 - 2015-06-18 21:27 - 06019269 _____ C:\Users\ego87\Desktop\LS15 Texturpack.rar
2015-06-18 12:54 - 2015-06-18 12:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-256718.txt
2015-06-18 08:25 - 2015-06-18 08:25 - 00000117 _____ C:\WINDOWS\system32\netcfg-29602250.txt
2015-06-18 08:04 - 2015-06-18 08:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-28326718.txt
2015-06-18 08:04 - 2015-06-18 08:04 - 00000117 _____ C:\WINDOWS\system32\netcfg-28323265.txt
2015-06-18 00:35 - 2015-06-18 00:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-1394531.txt
2015-06-18 00:35 - 2015-06-18 00:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-1391046.txt
2015-06-18 00:19 - 2015-06-18 00:19 - 00000117 _____ C:\WINDOWS\system32\netcfg-460640.txt
2015-06-18 00:11 - 2015-06-18 00:11 - 00000117 _____ C:\WINDOWS\system32\netcfg-178268812.txt
2015-06-18 00:10 - 2015-06-18 00:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-178247718.txt
2015-06-18 00:06 - 2015-06-18 00:06 - 00000117 _____ C:\WINDOWS\system32\netcfg-177990031.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177759109.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177749093.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177738500.txt
2015-06-18 00:02 - 2015-06-18 00:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-177734734.txt
2015-06-17 19:15 - 2015-06-17 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-160542890.txt
2015-06-17 19:15 - 2015-06-17 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-160540187.txt
2015-06-16 20:31 - 2015-06-16 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-78702890.txt
2015-06-16 20:31 - 2015-06-16 20:31 - 00000117 _____ C:\WINDOWS\system32\netcfg-78700765.txt
2015-06-15 22:45 - 2015-06-15 22:45 - 00000117 _____ C:\WINDOWS\system32\netcfg-343453.txt
2015-06-15 22:39 - 2015-06-15 22:39 - 00000117 _____ C:\WINDOWS\system32\netcfg-431635687.txt
2015-06-15 19:15 - 2015-06-15 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-419381406.txt
2015-06-15 19:15 - 2015-06-15 19:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-419379390.txt
2015-06-14 14:51 - 2015-06-14 14:54 - 349300920 _____ (GIANTS Software ) C:\Users\ego87\Desktop\FarmingSimulator2015Patch1.3DE.exe
2015-06-14 14:33 - 2015-06-14 14:33 - 00029094 _____ C:\Users\ego87\Desktop\MoneyModLS15.zip
2015-06-14 11:31 - 2015-06-21 17:21 - 00000000 ____D C:\Users\ego87\Desktop\LS 15 Mods
2015-06-14 11:07 - 2015-06-14 11:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-303732156.txt
2015-06-14 11:07 - 2015-06-14 11:07 - 00000117 _____ C:\WINDOWS\system32\netcfg-303729437.txt
2015-06-13 13:57 - 2015-06-13 13:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-227539734.txt
2015-06-13 13:57 - 2015-06-13 13:57 - 00000117 _____ C:\WINDOWS\system32\netcfg-227537609.txt
2015-06-12 23:27 - 2015-06-12 23:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-175322203.txt
2015-06-12 23:27 - 2015-06-12 23:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-175293156.txt
2015-06-12 14:55 - 2015-06-12 14:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-144627015.txt
2015-06-12 14:55 - 2015-06-12 14:55 - 00000117 _____ C:\WINDOWS\system32\netcfg-144623546.txt
2015-06-11 13:13 - 2015-06-11 13:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-52082953.txt
2015-06-11 13:13 - 2015-06-11 13:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-52081046.txt
2015-06-10 22:46 - 2015-06-10 22:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-91046.txt
2015-06-10 22:44 - 2015-06-10 22:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-343707468.txt
2015-06-10 22:30 - 2015-06-10 22:30 - 00000608 _____ C:\Users\ego87\Downloads\ICGames LS15.txt
2015-06-10 19:47 - 2015-06-15 21:50 - 00000000 ____D C:\Users\ego87\AppData\Roaming\OBS
2015-06-10 19:47 - 2015-06-10 19:47 - 00000943 _____ C:\Users\ego87\Desktop\Open Broadcaster Software.lnk
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Program Files\OBS
2015-06-10 19:47 - 2015-06-10 19:47 - 00000000 ____D C:\Program Files (x86)\OBS
2015-06-10 19:39 - 2015-06-10 19:39 - 07516302 _____ C:\Users\ego87\Downloads\OBS_0_64b_Installer.exe
2015-06-10 08:47 - 2015-06-10 08:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-293470015.txt
2015-06-10 08:47 - 2015-06-10 08:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-293467343.txt
2015-06-09 19:13 - 2015-06-09 19:13 - 18169520 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-06-09 15:01 - 2015-06-09 15:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-229543531.txt
2015-06-09 15:01 - 2015-06-09 15:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-229540265.txt
2015-06-08 13:47 - 2015-06-08 13:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-138648984.txt
2015-06-08 13:46 - 2015-06-08 13:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-138647187.txt
2015-06-07 11:16 - 2015-06-07 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-43215140.txt
2015-06-07 11:16 - 2015-06-07 11:16 - 00000117 _____ C:\WINDOWS\system32\netcfg-43214750.txt
2015-06-06 23:17 - 2015-06-06 23:17 - 00000117 _____ C:\WINDOWS\system32\netcfg-92625.txt
2015-06-06 23:15 - 2015-06-06 23:15 - 00000117 _____ C:\WINDOWS\system32\netcfg-174846359.txt
2015-06-06 20:33 - 2015-06-06 20:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-165115593.txt
2015-06-06 20:33 - 2015-06-06 20:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-165115218.txt
2015-06-05 13:30 - 2015-06-05 13:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-53366421.txt
2015-06-05 13:30 - 2015-06-05 13:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-53364515.txt
2015-06-04 22:42 - 2015-06-04 22:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-100234.txt
2015-06-04 22:40 - 2015-06-04 22:40 - 00000117 _____ C:\WINDOWS\system32\netcfg-349069812.txt
2015-06-04 20:18 - 2015-06-04 20:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-340544265.txt
2015-06-04 20:18 - 2015-06-04 20:18 - 00000117 _____ C:\WINDOWS\system32\netcfg-340541015.txt
2015-06-04 15:03 - 2015-06-04 15:03 - 00000641 _____ C:\Users\Public\Desktop\World of Warships.lnk
2015-06-04 15:03 - 2015-06-04 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-06-04 14:02 - 2015-06-04 14:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-317952109.txt
2015-06-04 14:01 - 2015-06-04 14:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-317949296.txt
2015-06-03 07:48 - 2015-06-03 07:48 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-03 07:13 - 2015-06-03 07:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-207036218.txt
2015-06-03 07:13 - 2015-06-03 07:13 - 00000117 _____ C:\WINDOWS\system32\netcfg-207033187.txt
2015-06-02 17:29 - 2015-06-02 17:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-157618671.txt
2015-06-02 17:29 - 2015-06-02 17:29 - 00000117 _____ C:\WINDOWS\system32\netcfg-157615484.txt
2015-06-01 09:50 - 2015-06-01 09:53 - 00000000 ____D C:\Users\ego87\Documents\ETS2MP
2015-06-01 09:39 - 2015-06-01 09:39 - 00000805 _____ C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk
2015-06-01 09:39 - 2015-06-01 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-06-01 09:32 - 2015-06-01 09:32 - 10153019 _____ C:\Users\ego87\Desktop\ets2mp_18000.zip
2015-06-01 08:38 - 2015-06-01 08:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-39378703.txt
2015-06-01 08:38 - 2015-06-01 08:38 - 00000117 _____ C:\WINDOWS\system32\netcfg-39378515.txt
2015-05-31 21:44 - 2015-05-31 21:44 - 00000117 _____ C:\WINDOWS\system32\netcfg-89125.txt
2015-05-31 21:42 - 2015-05-31 21:42 - 00000117 _____ C:\WINDOWS\system32\netcfg-31125625.txt
2015-05-31 18:50 - 2015-05-31 18:50 - 00000209 _____ C:\Users\ego87\Desktop\Euro Truck Simulator 2.url
2015-05-31 13:05 - 2015-05-31 13:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-100218.txt
2015-05-31 13:02 - 2015-05-31 13:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-761140718.txt
2015-05-31 12:46 - 2015-05-31 12:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-760177437.txt
2015-05-31 12:46 - 2015-05-31 12:46 - 00000117 _____ C:\WINDOWS\system32\netcfg-760174937.txt
2015-05-30 18:05 - 2015-05-30 18:05 - 00000117 _____ C:\WINDOWS\system32\netcfg-692894046.txt
2015-05-30 17:56 - 2015-05-30 17:56 - 00000117 _____ C:\WINDOWS\system32\netcfg-692370484.txt
2015-05-30 13:27 - 2015-05-30 13:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-676262109.txt
2015-05-30 13:27 - 2015-05-30 13:27 - 00000117 _____ C:\WINDOWS\system32\netcfg-676261406.txt
2015-05-29 20:07 - 2015-05-29 20:16 - 348825232 _____ (GIANTS Software ) C:\Users\ego87\Downloads\FarmingSimulator2015Patch1.3DE_PublicBeta1.exe
2015-05-29 20:07 - 2015-05-29 20:15 - 348833040 _____ (GIANTS Software ) C:\Users\ego87\Downloads\FarmingSimulator2015Patch1.3DE_PublicBeta2.exe
2015-05-29 17:30 - 2015-05-29 17:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-604419500.txt
2015-05-29 17:30 - 2015-05-29 17:30 - 00000117 _____ C:\WINDOWS\system32\netcfg-604416796.txt
2015-05-28 19:33 - 2015-05-28 19:33 - 00000117 _____ C:\WINDOWS\system32\netcfg-525367218.txt
2015-05-28 19:32 - 2015-05-28 19:32 - 00000117 _____ C:\WINDOWS\system32\netcfg-525365531.txt
2015-05-26 19:34 - 2015-05-26 19:34 - 00000117 _____ C:\WINDOWS\system32\netcfg-352690250.txt
2015-05-26 19:34 - 2015-05-26 19:34 - 00000117 _____ C:\WINDOWS\system32\netcfg-352688500.txt
2015-05-25 17:56 - 2015-05-25 17:56 - 00000000 ____D C:\Program Files\avast software
2015-05-25 17:52 - 2015-05-25 17:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-260133781.txt
2015-05-25 17:52 - 2015-05-25 17:52 - 00000117 _____ C:\WINDOWS\system32\netcfg-260131468.txt
2015-05-23 17:01 - 2015-05-23 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-84311078.txt
2015-05-23 17:01 - 2015-05-23 17:01 - 00000117 _____ C:\WINDOWS\system32\netcfg-84309859.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 22:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-22 21:47 - 2014-03-01 22:55 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-22 21:13 - 2014-01-01 21:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-22 19:28 - 2014-01-13 21:28 - 00000000 ____D C:\Users\ego87\AppData\Local\CrashDumps
2015-06-22 19:13 - 2014-03-01 22:55 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 19:13 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-21 13:36 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-20 14:17 - 2013-12-31 12:39 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2382921263-2657641692-2300306991-1001
2015-06-20 01:12 - 2012-07-26 09:19 - 00285616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-20 01:10 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-20 00:30 - 2014-04-24 00:12 - 00000000 ____D C:\Users\ego87\AppData\Roaming\PhotoScape
2015-06-20 00:30 - 2014-01-01 21:32 - 00000000 ____D C:\Users\ego87\AppData\Roaming\TeamViewer
2015-06-20 00:29 - 2014-02-10 12:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-20 00:29 - 2012-08-02 18:04 - 00000000 ___DC C:\WINDOWS\Panther
2015-06-20 00:25 - 2014-01-26 14:04 - 00000000 ____D C:\ProgramData\Ashampoo
2015-06-20 00:01 - 2014-08-27 13:38 - 00000000 ____D C:\Program Files (x86)\ViUpdater
2015-06-18 08:25 - 2012-07-26 07:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-18 08:24 - 2014-01-10 21:49 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Skype
2015-06-18 08:23 - 2014-01-10 21:49 - 00000000 ____D C:\ProgramData\Skype
2015-06-10 12:49 - 2013-12-31 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-10 12:48 - 2013-12-31 12:53 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-06-10 12:48 - 2013-12-31 12:53 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-06-10 09:48 - 2014-03-01 22:56 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 19:13 - 2014-01-01 21:10 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-04 15:03 - 2014-03-20 18:22 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-06-04 14:52 - 2014-04-05 19:55 - 00000000 ____D C:\Users\ego87\Documents\Euro Truck Simulator 2
2015-06-03 07:48 - 2014-03-01 22:55 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-01 09:22 - 2014-01-01 19:14 - 00000000 ____D C:\Users\ego87\AppData\Local\Thunderbird
2015-05-30 15:57 - 2013-11-12 19:51 - 00000000 ___RD C:\Users\ego87\Dropbox
2015-05-30 14:51 - 2014-01-01 19:35 - 00000000 ____D C:\Users\ego87\AppData\Roaming\Dropbox
2015-05-29 20:21 - 2014-10-31 17:10 - 00000887 _____ C:\Users\ego87\Desktop\Landwirtschafts Simulator 15 .lnk
2015-05-29 20:21 - 2014-10-31 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015

==================== Files in the root of some directories =======

2015-04-21 00:38 - 2015-04-23 16:37 - 0000022 _____ () C:\Users\ego87\AppData\Roaming\Network Meter_Usage.ini
2014-08-09 16:38 - 2014-09-02 12:42 - 14155776 _____ () C:\Users\ego87\AppData\Roaming\Sandra.mdb
2015-04-20 23:53 - 2015-04-20 23:53 - 0000122 _____ () C:\Users\ego87\AppData\Roaming\System Monitor II_UptimeRecord.ini
2014-11-23 18:10 - 2014-11-23 18:10 - 0002070 _____ () C:\Users\ego87\AppData\Local\recently-used.xbel
2014-02-24 10:44 - 2014-02-24 10:44 - 0007597 _____ () C:\Users\ego87\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\ego87\IP_Log_Data.js
C:\Users\ego87\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\ego87\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-11 13:24

==================== End of log ============================



Nein Keine Probleme auf den ersten Blick Danke Super von dir für die schnelle und gut erklärte Hilfe

nur noch eine Frage und zwar kann ich jetz FRST Security check Mbam und JRT wieder löschen oder soll das auf dem PC bleiben


Danke nochmals an dich !!!

schrauber 23.06.2015 12:06
Java updaten.


http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131