[Windows 8.1] "Eigene Dateien" verschwunden

matsch · 06.12.2014, 22:49

Guten Tag,

ich musste gestern erschreckt feststellen dass all meine eigenen Dateien verschwunden sind. Diese befanden sich nicht auf der Systempartition, sondern auf der Datenpartition von meinem Laptop. Es handelt sich um ca. 100GB Bilder, 20GB Musik und 2 GB Dokumente. Obwohl ich den Laptop erst ca. einen Monat habe läuft dieser nicht sehr flüssig.

Hier im Forum wurde ein ähnliches Thema mal behandelt. http://www.trojaner-board.de/67803-e...geloescht.html
Es wäre toll wenn wir das hier auch mal angehen könnten.

Was ich bereits gemacht habe:

1. Ordneroption auf "Alle Ordner sichtbar" gestellt
2. Im abgesicherten Modus gestartet
3. AntiVir drüber laufen lassen, hat einen Amonetize.kpa gefunden
4. Malewarebites drüber laufen lassen, hat ne ganze Menge gefunden

Soll ich euch die Berichte mal anfügen?

Soll ich HijackThis mal drüber laufen lassen?

LG und Danke im Voraus

matsch

cosinus · 07.12.2014, 00:31

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

matsch · 07.12.2014, 14:34

Vielen Dank, hier mal die Logs:

Avira AntiVir

05/12/2014 20:51 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\matsch\AppData\Local\Microsoft\Windows\INetCache\IE\F32SYBDM\EUS.10.x
REG.rar__3516_i1382485897_il4440978.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Amonetize.kpa'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52dba298.qua'
verschoben!

Malewarebytes

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 06/12/2014
Scan Time: 18:17:37
Logfile: Malewarebites Bericht.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.06.07
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: matsch

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385213
Time Elapsed: 7 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [ffa08dd26f0d4cea15753fc6e61da858],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [ffa08dd26f0d4cea15753fc6e61da858],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [ffa08dd26f0d4cea15753fc6e61da858],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [ffa08dd26f0d4cea15753fc6e61da858],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [ffa08dd26f0d4cea15753fc6e61da858],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Delete-on-Reboot, [c7d82837463658deafd8768f4cb708f8],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [c7d82837463658deafd8768f4cb708f8],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [1e8117486d0f2a0ce7f698ca10f356aa],
PUP.Optional.WeDownLoadManager.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WeDlMngr, Delete-on-Reboot, [ffa0a3bcabd1ed49165206579f64ec14],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Delete-on-Reboot, [a5fadb848def6cca9aa9348b8183e719],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Delete-on-Reboot, [2e71a5badaa20c2aa23a8bd7ae557888],

Registry Values: 4
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [abf4ee71bac2b77f48ddf16611f258a8]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [b6e997c83b419b9b978eafa80ef512ee]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Delete-on-Reboot, [f7a81d425626e74f03c2df81a95a32ce]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, Delete-on-Reboot, [a5fadb848def6cca9aa9348b8183e719]

Registry Data: 7
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62go,&q={searchTerms}, Good: (Google), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62go,&q={searchTerms}),Replaced,[9a05431c7efe33034b6b80d78b7aea16]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}, Good: (Google), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}),Delete-on-Reboot,[009faab5a1db58de3188084f2bda30d0]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Search,, Good: (Google), Bad: (Search,[445b1c43afcd47ef6357e77062a3a15f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}, Good: (Google), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}),Delete-on-Reboot,[356a96c9215bf93d3484fd5a669f8779]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}, Good: (Google), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}),Delete-on-Reboot,[435c69f60c705cdaefcc6bec877ec63a]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}, Good: (Google), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}),Delete-on-Reboot,[c0df94cb89f38bab24982e29cc39b749]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3495729476-3499689536-3439204416-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}, Good: (Google), Bad: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q={searchTerms}),Delete-on-Reboot,[b2edbaa5d9a34beb2295c98e976eae52]

Folders: 3
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [d5ca96c93547053148f2f70ffc0707f9],
PUP.Optional.OpenCandy, C:\Users\Benutzer\AppData\Roaming\OpenCandy, Quarantined, [edb2e47bc8b42016f4dab65f49ba34cc],
PUP.Optional.OpenCandy, C:\Users\Benutzer\AppData\Roaming\OpenCandy\2750098AC47E42A792A94F10D6D36126, Quarantined, [edb2e47bc8b42016f4dab65f49ba34cc],

Files: 9
PUP.Optional.Outbrowse, C:\Users\Benutzer\AppData\Local\Temp\revs.exe, Quarantined, [ffa08dd26f0d4cea15753fc6e61da858],
PUP.Optional.SmartBar, C:\Users\Benutzer\AppData\Local\Temp\MSI8CD5.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [cbd4e27d95e78caa304af33b6898e21e],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI8CD5.tmp, Quarantined, [7e21a8b7b2ca2d09403a9896f907738d],
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, Quarantined, [4d52134caece142262008dd870932fd1],
PUP.Optional.WebSearch.A, C:\Users\matsch\AppData\Roaming\Mozilla\Firefox\Profiles\kdd4rj1h.default\searchplugins\Web Search.xml, Quarantined, [acf3d788a2da85b10e0cf38bc043758b],
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, Quarantined, [158a530c0c70c76fd96b355a61a28b75],
Rogue.Multiple, C:\ProgramData\374311380\BIT628A.tmp, Quarantined, [d5ca96c93547053148f2f70ffc0707f9],
PUP.Optional.OpenCandy, C:\Users\matsch\AppData\Roaming\OpenCandy\2750098AC47E42A792A94F10D6D36126\OptimizerPro.exe, Quarantined, [edb2e47bc8b42016f4dab65f49ba34cc],
PUP.Optional.SnapDo.A, C:\Users\matsch\AppData\Roaming\Mozilla\Firefox\Profiles\kdd4rj1h.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q=")

, Replaced,[940b63fcabd1af877bc52d6c49bc7f81]

Physical Sectors: 0
(No malicious items detected)

(end)

FRST LogFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by matsch at 2014-12-07 14:32:18
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Acer Ezel Sensor (HKLM\...\{8AB88082-5BBB-4D66-BF7C-561118D3827C}) (Version: 1.01.1013 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.00.3007 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3003 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.118 - Broadcom Corporation)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
ETDWare PS/2-X64 11.6.20.203_WHQL (HKLM\...\Elantech) (Version: 11.6.20.203 - ELAN Microelectronic Corp.)
HID Monitor (HKLM-x32\...\{26406227-5F51-40C4-84AE-B376A2A35472}) (Version: 1.1.5 - Acer Incorporated)
HP Photosmart 5510 series - Grundlegende Software für das Gerät (HKLM\...\{8133D9DE-F412-4CFB-A359-5E3EE38A9A19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.1.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.7.227.2013 - Realtek)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6300 - Broadcom Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3495729476-3499689536-3439204416-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3495729476-3499689536-3439204416-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\matsch\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C65B9D2-16CA-44DE-A41E-E239854C2E40} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-15] (Acer Incorporate)
Task: {0D45CEE8-8791-49D6-B864-A67D0A1C60F9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3495729476-3499689536-3439204416-1002
Task: {21E18801-DDC7-4936-88D9-5447BE9D8261} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {2B98BBEA-5B14-442D-84FC-9DE0837F2F1B} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-04-03] (Acer Incorporated)
Task: {3118139D-86D5-45A2-97CB-FED00D61D311} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-04-03] (Acer Incorporated)
Task: {38C3019E-E9BC-4167-993A-0AF8A5592614} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {63D7785B-5803-460A-8B32-8B50A6E3E5A0} - System32\Tasks\EZel Sensor Behavior => C:\Program Files\Acer\Acer Ezel Sensor\Launcher.exe [2013-04-23] (Acer Incorporated)
Task: {A8BF77FD-E471-400A-AE20-A508148CACC4} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {AA3E2EA0-0A5E-4F91-89DD-679C34ED7647} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3495729476-3499689536-3439204416-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {ABEF684C-E26E-4B19-BA12-072417E07986} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {ABF8CE3D-ACD5-4FA7-94E9-482F18189192} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {B260805B-79D6-423C-AFB9-897E41A483BB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {BBC22389-B9D4-44E2-9558-EC9FE0580D72} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {D96A4F12-1DD1-4AC6-B133-43A83FC8D8C0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-13] (Microsoft Corporation)
Task: {DD248626-5B90-4D20-8FD2-CD1CE6266C00} - System32\Tasks\Acer Aspire R7 Tutorial => C:\ProgramData\OEM\Acer Aspire R7 Tutorial\EzelToastNotificationAgent.exe [2013-03-18] (acer)
Task: {E21E7A38-AA9E-456D-A51F-592C6EF99459} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {FCAF261E-A0EB-475D-AF0F-E7CFB5211F6F} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-04-23] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:36 - 2013-09-05 01:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-22 11:27 - 2013-03-22 11:27 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-10-25 10:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-23 13:02 - 2012-08-23 13:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2014-11-21 08:56 - 2014-09-23 14:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-25 14:58 - 2014-09-25 14:58 - 02019840 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-10-17 12:09 - 2014-10-17 12:09 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2013-01-04 15:19 - 2013-01-04 15:19 - 00035336 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2014-10-23 17:49 - 2014-10-23 17:49 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\491c0c37c6b3573dc689b231ff551b4e\PSIClient.ni.dll
2014-08-26 09:18 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-05 20:51 - 2014-12-05 20:51 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\matsch\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "PDFPrint"

========================= Accounts: ==========================

Administrator (S-1-5-21-3495729476-3499689536-3439204416-500 - Administrator - Enabled)
Gast (S-1-5-21-3495729476-3499689536-3439204416-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3495729476-3499689536-3439204416-1008 - Limited - Enabled)
matsch (S-1-5-21-3495729476-3499689536-3439204416-1002 - Administrator - Enabled) => C:\Users\matsch
UpdatusUser (S-1-5-21-3495729476-3499689536-3439204416-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB module
Description: Bluetooth USB module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 11:54:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (12/07/2014 11:54:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "Recovery" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (12/07/2014 11:08:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/07/2014 11:08:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/07/2014 11:08:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/07/2014 11:07:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/07/2014 11:07:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/07/2014 11:07:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/07/2014 01:06:11 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/07/2014 01:06:11 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (12/07/2014 01:19:07 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/07/2014 11:08:45 AM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/07/2014 11:08:15 AM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/07/2014 11:07:54 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (12/07/2014 04:09:41 AM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (12/07/2014 04:09:34 AM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (12/07/2014 04:09:32 AM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (12/07/2014 04:09:24 AM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (12/07/2014 04:09:10 AM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (12/07/2014 04:09:07 AM) (Source: disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (12/07/2014 11:54:09 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (12/07/2014 11:54:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryFalscher Parameter. (0x80070057)

Error: (12/07/2014 11:08:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (12/07/2014 11:08:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (12/07/2014 11:08:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (12/07/2014 11:07:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (12/07/2014 11:07:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (12/07/2014 11:07:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (12/07/2014 01:06:11 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (12/07/2014 01:06:11 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4


CodeIntegrity Errors:
===================================
  Date: 2014-12-07 13:27:59.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 13:23:44.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 13:23:13.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 21:50:41.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 16:42:16.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 16:18:39.278
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 16:09:54.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 12:23:27.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-05 21:14:11.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-05 20:15:46.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8007.27 MB
Available physical RAM: 5313.16 MB
Total Pagefile: 9287.27 MB
Available Pagefile: 5876.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:110.98 GB) (Free:78.23 GB) NTFS
Drive d: (Data) (Fixed) (Total:677.66 GB) (Free:677.38 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:31.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 181F8758)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 181F8758)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9ACB02B5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

cosinus · 07.12.2014, 17:27

FRST.txt fehlt

matsch · 07.12.2014, 21:23

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by matsch (administrator) on EGAL on 07-12-2014 21:19:42
Running from D:\
Loaded Profile: matsch (Available profiles: UpdatusUser & matsch)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Ezel Sensor\EzelSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\OEM\EZELSENSORBEHAVIOR\EZelSensorBehavior.exe
(Acer Incorporated) C:\OEM\EZELSENSORBEHAVIOR\EzelAudio.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10592256 2013-02-04] (Broadcom Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\...\MountPoints2: {bc4adc38-4a0b-11e4-be85-24fd52a99e9e} - "D:\iLinker.exe" 
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3495729476-3499689536-3439204416-1002 -> {FF6499C6-675E-4D6C-B95F-7F080457FED3} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\matsch\AppData\Roaming\Mozilla\Firefox\Profiles\kdd4rj1h.default
FF SelectedSearchEngine: Web Search
FF Homepage: google.de
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3dkT2K4VV56JPpk9r_rC-oE6h4twEo8nBjeed4PVoqZoogIg6agGcHZDBdVItmSYOCOGE8Sps62g0,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF user.js: detected! => C:\Users\matsch\AppData\Roaming\Mozilla\Firefox\Profiles\kdd4rj1h.default\user.js
FF Extension: Adblock Plus - C:\Users\matsch\AppData\Roaming\Mozilla\Firefox\Profiles\kdd4rj1h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-18]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-03-22] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 EzelSvc; C:\Program Files\Acer\Acer Ezel Sensor\EzelSvc.exe [213032 2013-04-23] (Acer Incorporate)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6074368 2013-02-04] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-03-22] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-09-21] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 14:31 - 2014-12-07 21:19 - 00000000 ____D () C:\FRST
2014-12-06 20:15 - 2014-12-06 20:15 - 00000000 ____D () C:\Windows\System32\Tasks\GenericSettingsHandler
2014-12-06 18:16 - 2014-12-07 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 18:16 - 2014-12-06 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-06 18:16 - 2014-12-06 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 18:16 - 2014-12-06 18:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-06 18:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-06 18:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-06 18:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 20:51 - 2014-12-05 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-19 07:53 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:53 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:53 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:53 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-14 13:21 - 2014-11-14 13:21 - 00000000 __SHD () C:\Users\matsch\AppData\Local\EmieBrowserModeList
2014-11-12 01:50 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 01:50 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 01:50 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 01:50 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 01:50 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 01:50 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 01:50 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 01:50 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 01:50 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 01:50 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 01:50 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 01:50 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 01:50 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 01:50 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 01:50 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 01:50 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 01:50 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 01:50 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:49 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 01:49 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 01:49 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 01:49 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 01:49 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 01:49 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 01:49 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 01:49 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 01:49 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 01:49 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 01:49 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 01:49 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 01:49 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 01:49 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 01:49 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 01:49 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 01:49 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 01:49 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:49 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 01:49 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 01:49 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 01:49 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 01:49 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 01:49 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 01:49 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 01:49 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 01:48 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 01:48 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 01:48 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 01:48 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 01:48 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 01:48 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 01:48 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 01:48 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 01:48 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 01:47 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 01:47 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 01:47 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 01:47 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 01:47 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 01:47 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 01:47 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 01:47 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 01:47 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 01:47 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 01:47 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-12 01:47 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 01:47 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 01:47 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 01:47 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 01:47 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 01:47 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 01:47 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 01:47 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 01:47 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 01:47 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 01:47 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 01:47 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 01:47 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 01:47 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 01:47 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 01:47 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 01:47 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 01:47 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 01:47 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 01:47 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 01:47 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-12 01:47 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 01:47 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 01:47 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-12 01:47 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-12 01:47 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 01:47 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 01:47 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 01:47 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 01:47 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 01:47 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 01:47 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 01:47 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 01:47 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 01:47 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 01:47 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 01:47 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 01:47 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 01:47 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 01:47 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 01:47 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 01:47 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 01:47 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-12 01:47 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 01:47 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 01:47 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 01:47 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 01:47 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 01:47 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 01:47 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 01:47 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 01:47 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 01:47 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 01:47 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 01:47 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 01:47 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 01:47 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 01:47 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 01:47 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 01:47 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 01:47 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 01:47 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 01:47 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 01:47 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 01:47 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-12 01:47 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 01:47 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 01:47 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 01:47 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-12 01:47 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-12 01:47 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 01:47 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 01:47 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 01:47 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 01:47 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 01:47 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 01:47 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 01:47 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 01:47 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 01:46 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 01:46 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:46 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 01:46 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 01:46 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 01:46 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 01:46 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 01:46 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:46 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:46 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:46 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 01:46 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 01:46 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 01:46 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 01:46 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 01:46 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 01:46 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 01:46 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 01:46 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:46 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 01:45 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 01:45 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 01:45 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 01:45 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 01:45 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 01:45 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 01:45 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 01:45 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 01:45 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 01:45 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 01:45 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 01:45 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 01:45 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 01:45 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 01:45 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 01:45 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 01:45 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 01:45 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 01:45 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 01:45 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 01:45 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-10 21:42 - 2014-11-10 21:42 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-11-10 21:30 - 2014-11-10 21:30 - 00000000 ____D () C:\Users\matsch\.android

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 21:19 - 2014-09-18 22:08 - 00000000 ____D () C:\Users\matsch\AppData\Roaming\Skype
2014-12-07 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-07 20:52 - 2014-09-23 11:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 14:59 - 2014-09-21 21:20 - 01052600 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 13:23 - 2014-09-18 22:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-07 13:22 - 2014-09-18 22:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-06 22:55 - 2014-03-18 11:03 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 22:55 - 2014-03-18 10:25 - 00770902 _____ () C:\Windows\system32\perfh007.dat
2014-12-06 22:55 - 2014-03-18 10:25 - 00163992 _____ () C:\Windows\system32\perfc007.dat
2014-12-06 20:39 - 2014-09-18 08:47 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3495729476-3499689536-3439204416-1002
2014-12-06 19:36 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 19:35 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-06 19:26 - 2014-03-18 02:50 - 00169530 _____ () C:\Windows\PFRO.log
2014-12-06 18:26 - 2014-09-18 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2014-12-05 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-27 20:41 - 2014-10-25 11:44 - 00000000 ____D () C:\Users\matsch\AppData\Local\Deployment
2014-11-26 19:49 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-25 23:52 - 2014-09-23 11:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-21 08:57 - 2014-10-25 10:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-20 21:51 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 00:56 - 2014-09-21 21:28 - 00000000 _RSHD () C:\Users\matsch
2014-11-14 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-14 08:30 - 2013-08-22 15:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-13 21:31 - 2014-09-20 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 21:30 - 2014-09-20 22:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 22:20 - 2014-10-23 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-10 22:20 - 2014-10-23 19:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 22:20 - 2014-10-23 19:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-10 21:39 - 2013-08-22 15:46 - 00336846 _____ () C:\Windows\setupact.log
2014-11-09 21:47 - 2014-09-18 08:17 - 00000000 ____D () C:\Users\matsch\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\matsch\AppData\Local\Temp\7z.dll
C:\Users\matsch\AppData\Local\Temp\avgnt.exe
C:\Users\matsch\AppData\Local\Temp\AviraSetup68437.exe
C:\Users\matsch\AppData\Local\Temp\cygiconv-2.dll
C:\Users\matsch\AppData\Local\Temp\cygintl-8.dll
C:\Users\matsch\AppData\Local\Temp\cygwin1.dll
C:\Users\matsch\AppData\Local\Temp\KMSPicoCloseAll.exe
C:\Users\matsch\AppData\Local\Temp\md5sum.exe
C:\Users\matsch\AppData\Local\Temp\optprosetup.exe
C:\Users\matsch\AppData\Local\Temp\rcpsetup_s32new.exe
C:\Users\matsch\AppData\Local\Temp\sevnz.exe
C:\Users\matsch\AppData\Local\Temp\somoto_EaseUS Data Recovery Wizard Universal Crack.rar_1.0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-30 17:47

==================== End Of Log ============================

--- --- ---

cosinus · 07.12.2014, 21:28

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

matsch · 08.12.2014, 21:14

Hier ist der JRT-Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by matsch on 08/12/2014 at 20:47:10.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\matsch\AppData\Roaming\systweak"

~~~ FireFox

Successfully deleted: [File] C:\Users\matsch\AppData\Roaming\mozilla\firefox\profiles\kdd4rj1h.default\user.js
Successfully deleted the following from C:\Users\matsch\AppData\Roaming\mozilla\firefox\profiles\kdd4rj1h.default\prefs.js

user_pref("browser.search.selectedEngine", "Web Search");
user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmvfmKS_-Tjyw3P0szxEn0q_j7mEFQfYqc8phuj9dSzaU6kDg6p06bTRwkPLj4ovs-buhdhZxFwRRl3
Emptied folder: C:\Users\matsch\AppData\Roaming\mozilla\firefox\profiles\kdd4rj1h.default\minidumps [9 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/12/2014 at 20:48:38.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hatte den adwCleaner-log hier erst abgespeichert. Der wurde durch ausführen des JRT leider gelöscht. Jetzt hab ich anschliessend nochmal adwCleaner Bericht erstellt.AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.104 - Bericht erstellt am 08/12/2014 um 20:54:59
# Aktualisiert 05/12/2014 von Xplode
# Database : 2014-12-08.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : matsch - EGAL
# Gestartet von : D:\AdwCleaner_4.104.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Windows\System32\roboot64.exe

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\systweak
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 de)


*************************

AdwCleaner[R0].txt - [2057 octets] - [08/12/2014 20:43:20]
AdwCleaner[R1].txt - [2117 octets] - [08/12/2014 20:44:56]
AdwCleaner[R2].txt - [2013 octets] - [08/12/2014 20:54:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2073 octets] ##########

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by matsch (administrator) on EGAL on 08-12-2014 21:13:16
Running from D:\
Loaded Profile: matsch (Available profiles: UpdatusUser & matsch)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Ezel Sensor\EzelSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\OEM\EZELSENSORBEHAVIOR\EZelSensorBehavior.exe
(Acer Incorporated) C:\OEM\EZELSENSORBEHAVIOR\EzelAudio.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10592256 2013-02-04] (Broadcom Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\...\MountPoints2: {bc4adc38-4a0b-11e4-be85-24fd52a99e9e} - "D:\iLinker.exe" 
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3495729476-3499689536-3439204416-1002 -> {FF6499C6-675E-4D6C-B95F-7F080457FED3} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\matsch\AppData\Roaming\Mozilla\Firefox\Profiles\kdd4rj1h.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\matsch\AppData\Roaming\Mozilla\Firefox\Profiles\kdd4rj1h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-18]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-03-22] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 EzelSvc; C:\Program Files\Acer\Acer Ezel Sensor\EzelSvc.exe [213032 2013-04-23] (Acer Incorporate)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6074368 2013-02-04] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-03-22] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-09-21] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 20:47 - 2014-12-08 20:47 - 00000000 ____D () C:\Windows\ERUNT
2014-12-08 20:41 - 2014-12-08 20:55 - 00000000 ____D () C:\AdwCleaner
2014-12-08 20:41 - 2014-12-08 20:50 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-07 14:31 - 2014-12-08 21:13 - 00000000 ____D () C:\FRST
2014-12-06 20:15 - 2014-12-06 20:15 - 00000000 ____D () C:\Windows\System32\Tasks\GenericSettingsHandler
2014-12-06 18:16 - 2014-12-07 14:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 18:16 - 2014-12-06 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-06 18:16 - 2014-12-06 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-06 18:16 - 2014-12-06 18:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-06 18:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-06 18:16 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-06 18:16 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 20:51 - 2014-12-05 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-19 07:53 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 07:53 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 07:53 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 07:53 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-14 13:21 - 2014-11-14 13:21 - 00000000 __SHD () C:\Users\matsch\AppData\Local\EmieBrowserModeList
2014-11-12 01:50 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 01:50 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 01:50 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 01:50 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 01:50 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 01:50 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 01:50 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 01:50 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 01:50 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 01:50 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 01:50 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 01:50 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 01:50 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 01:50 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 01:50 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 01:50 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 01:50 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 01:50 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:49 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 01:49 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 01:49 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 01:49 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 01:49 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 01:49 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 01:49 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 01:49 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 01:49 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 01:49 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 01:49 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 01:49 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 01:49 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 01:49 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 01:49 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 01:49 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 01:49 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 01:49 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:49 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 01:49 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 01:49 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 01:49 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 01:49 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 01:49 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 01:49 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 01:49 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 01:48 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 01:48 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 01:48 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 01:48 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 01:48 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 01:48 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 01:48 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 01:48 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 01:48 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 01:47 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 01:47 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 01:47 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 01:47 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 01:47 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 01:47 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 01:47 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 01:47 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 01:47 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 01:47 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 01:47 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-12 01:47 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 01:47 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 01:47 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 01:47 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 01:47 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 01:47 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 01:47 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 01:47 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 01:47 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 01:47 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 01:47 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 01:47 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 01:47 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 01:47 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 01:47 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 01:47 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 01:47 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 01:47 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 01:47 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 01:47 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 01:47 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-12 01:47 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 01:47 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 01:47 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-12 01:47 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-12 01:47 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 01:47 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 01:47 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 01:47 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 01:47 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 01:47 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 01:47 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 01:47 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 01:47 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 01:47 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 01:47 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 01:47 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 01:47 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 01:47 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 01:47 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 01:47 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 01:47 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 01:47 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-12 01:47 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 01:47 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 01:47 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 01:47 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 01:47 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 01:47 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 01:47 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 01:47 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 01:47 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 01:47 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 01:47 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 01:47 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 01:47 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 01:47 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 01:47 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 01:47 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 01:47 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 01:47 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 01:47 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 01:47 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 01:47 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 01:47 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-12 01:47 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 01:47 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 01:47 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 01:47 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-12 01:47 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-12 01:47 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 01:47 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 01:47 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 01:47 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 01:47 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 01:47 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 01:47 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 01:47 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 01:47 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 01:46 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 01:46 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:46 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 01:46 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 01:46 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 01:46 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 01:46 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 01:46 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:46 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:46 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:46 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 01:46 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 01:46 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 01:46 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 01:46 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 01:46 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 01:46 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 01:46 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 01:46 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:46 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 01:45 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 01:45 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 01:45 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 01:45 - 2014-09-07 23:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 01:45 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 01:45 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 01:45 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 01:45 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 01:45 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 01:45 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 01:45 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 01:45 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 01:45 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 01:45 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 01:45 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 01:45 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 01:45 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 01:45 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 01:45 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 01:45 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 01:45 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-10 21:42 - 2014-11-10 21:42 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-11-10 21:30 - 2014-11-10 21:30 - 00000000 ____D () C:\Users\matsch\.android

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-08 20:52 - 2014-09-23 11:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 20:51 - 2014-09-18 22:08 - 00000000 ____D () C:\Users\matsch\AppData\Roaming\Skype
2014-12-08 20:49 - 2014-09-21 21:20 - 01061994 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 13:23 - 2014-09-18 22:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-07 13:22 - 2014-09-18 22:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-06 22:55 - 2014-03-18 11:03 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 22:55 - 2014-03-18 10:25 - 00770902 _____ () C:\Windows\system32\perfh007.dat
2014-12-06 22:55 - 2014-03-18 10:25 - 00163992 _____ () C:\Windows\system32\perfc007.dat
2014-12-06 20:39 - 2014-09-18 08:47 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3495729476-3499689536-3439204416-1002
2014-12-06 19:36 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 19:35 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-12-06 19:26 - 2014-03-18 02:50 - 00169530 _____ () C:\Windows\PFRO.log
2014-12-06 18:26 - 2014-09-18 21:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources
2014-12-05 20:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-27 20:41 - 2014-10-25 11:44 - 00000000 ____D () C:\Users\matsch\AppData\Local\Deployment
2014-11-26 19:49 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-25 23:52 - 2014-09-23 11:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-21 08:57 - 2014-10-25 10:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-20 21:51 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 21:51 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 00:56 - 2014-09-21 21:28 - 00000000 _RSHD () C:\Users\matsch
2014-11-14 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-11-14 08:30 - 2013-08-22 15:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 08:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-13 21:31 - 2014-09-20 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 21:30 - 2014-09-20 22:57 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 22:20 - 2014-10-23 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-10 22:20 - 2014-10-23 19:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 22:20 - 2014-10-23 19:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-10 21:39 - 2013-08-22 15:46 - 00336846 _____ () C:\Windows\setupact.log
2014-11-09 21:47 - 2014-09-18 08:17 - 00000000 ____D () C:\Users\matsch\AppData\Local\Packages

Some content of TEMP:
====================
C:\Users\matsch\AppData\Local\Temp\7z.dll
C:\Users\matsch\AppData\Local\Temp\avgnt.exe
C:\Users\matsch\AppData\Local\Temp\AviraSetup68437.exe
C:\Users\matsch\AppData\Local\Temp\cygiconv-2.dll
C:\Users\matsch\AppData\Local\Temp\cygintl-8.dll
C:\Users\matsch\AppData\Local\Temp\cygwin1.dll
C:\Users\matsch\AppData\Local\Temp\KMSPicoCloseAll.exe
C:\Users\matsch\AppData\Local\Temp\md5sum.exe
C:\Users\matsch\AppData\Local\Temp\optprosetup.exe
C:\Users\matsch\AppData\Local\Temp\rcpsetup_s32new.exe
C:\Users\matsch\AppData\Local\Temp\sevnz.exe
C:\Users\matsch\AppData\Local\Temp\somoto_EaseUS Data Recovery Wizard Universal Crack.rar_1.0.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-30 17:47

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 09.12.2014, 00:48

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

matsch · 09.12.2014, 23:58

Schonmal vielen Dank für den Einsatz!

Hier die add.txtFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by JO at 2014-12-09 23:55:39
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Acer Ezel Sensor (HKLM\...\{8AB88082-5BBB-4D66-BF7C-561118D3827C}) (Version: 1.01.1013 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.00.3007 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3003 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.118 - Broadcom Corporation)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
ETDWare PS/2-X64 11.6.20.203_WHQL (HKLM\...\Elantech) (Version: 11.6.20.203 - ELAN Microelectronic Corp.)
HID Monitor (HKLM-x32\...\{26406227-5F51-40C4-84AE-B376A2A35472}) (Version: 1.1.5 - Acer Incorporated)
HP Photosmart 5510 series - Grundlegende Software für das Gerät (HKLM\...\{8133D9DE-F412-4CFB-A359-5E3EE38A9A19}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.1.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.7.227.2013 - Realtek)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6300 - Broadcom Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3495729476-3499689536-3439204416-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3495729476-3499689536-3439204416-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\matsch\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C65B9D2-16CA-44DE-A41E-E239854C2E40} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-15] (Acer Incorporate)
Task: {0D45CEE8-8791-49D6-B864-A67D0A1C60F9} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3495729476-3499689536-3439204416-1002
Task: {21E18801-DDC7-4936-88D9-5447BE9D8261} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {2B98BBEA-5B14-442D-84FC-9DE0837F2F1B} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-04-03] (Acer Incorporated)
Task: {3118139D-86D5-45A2-97CB-FED00D61D311} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-04-03] (Acer Incorporated)
Task: {38C3019E-E9BC-4167-993A-0AF8A5592614} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {3DEB9C74-DFEE-412D-98B2-A18EEBBFAADF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-13] (Microsoft Corporation)
Task: {63D7785B-5803-460A-8B32-8B50A6E3E5A0} - System32\Tasks\EZel Sensor Behavior => C:\Program Files\Acer\Acer Ezel Sensor\Launcher.exe [2013-04-23] (Acer Incorporated)
Task: {A8BF77FD-E471-400A-AE20-A508148CACC4} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {AA3E2EA0-0A5E-4F91-89DD-679C34ED7647} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3495729476-3499689536-3439204416-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {ABEF684C-E26E-4B19-BA12-072417E07986} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {ABF8CE3D-ACD5-4FA7-94E9-482F18189192} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {B260805B-79D6-423C-AFB9-897E41A483BB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {BBC22389-B9D4-44E2-9558-EC9FE0580D72} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {DD248626-5B90-4D20-8FD2-CD1CE6266C00} - System32\Tasks\Acer Aspire R7 Tutorial => C:\ProgramData\OEM\Acer Aspire R7 Tutorial\EzelToastNotificationAgent.exe [2013-03-18] (acer)
Task: {E21E7A38-AA9E-456D-A51F-592C6EF99459} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {FCAF261E-A0EB-475D-AF0F-E7CFB5211F6F} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-04-23] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:36 - 2013-09-05 01:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-03-22 11:27 - 2013-03-22 11:27 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-10-25 10:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-23 13:02 - 2012-08-23 13:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2014-09-25 14:58 - 2014-09-25 14:58 - 02019840 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-10-17 12:09 - 2014-10-17 12:09 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-11-21 08:56 - 2014-09-23 14:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-04 15:19 - 2013-01-04 15:19 - 00035336 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2014-10-23 17:49 - 2014-10-23 17:49 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\491c0c37c6b3573dc689b231ff551b4e\PSIClient.ni.dll
2014-08-26 09:18 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-05 20:51 - 2014-12-05 20:51 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\matsch\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "PDFPrint"

========================= Accounts: ==========================

Administrator (S-1-5-21-3495729476-3499689536-3439204416-500 - Administrator - Enabled)
Gast (S-1-5-21-3495729476-3499689536-3439204416-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3495729476-3499689536-3439204416-1008 - Limited - Enabled)
matsch (S-1-5-21-3495729476-3499689536-3439204416-1002 - Administrator - Enabled) => C:\Users\matsch
UpdatusUser (S-1-5-21-3495729476-3499689536-3439204416-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB module
Description: Bluetooth USB module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 07:19:51 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/09/2014 08:58:49 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/09/2014 08:58:49 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/09/2014 08:58:49 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/09/2014 08:58:05 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/09/2014 08:58:05 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/09/2014 08:58:05 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/08/2014 10:20:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (12/08/2014 10:20:09 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (12/08/2014 10:20:09 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.


System errors:
=============
Error: (12/08/2014 09:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (12/08/2014 09:56:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (12/08/2014 09:55:36 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/08/2014 09:54:20 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/08/2014 09:54:20 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/08/2014 09:54:14 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/08/2014 09:54:14 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (12/08/2014 09:43:20 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/08/2014 09:42:50 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/08/2014 09:38:53 PM) (Source: DCOM) (EventID: 10010) (User: EGAL)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (12/09/2014 07:19:51 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/09/2014 08:58:49 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (12/09/2014 08:58:49 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (12/09/2014 08:58:49 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (12/09/2014 08:58:05 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (12/09/2014 08:58:05 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (12/09/2014 08:58:05 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (12/08/2014 10:20:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (12/08/2014 10:20:09 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (12/08/2014 10:20:09 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4


CodeIntegrity Errors:
===================================
  Date: 2014-12-09 23:14:47.752
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-09 23:12:54.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 22:57:13.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-08 22:52:28.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 21:14:27.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 13:27:59.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 13:23:44.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-07 13:23:13.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 21:50:41.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-06 16:42:16.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume9\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 30%
Total physical RAM: 8007.27 MB
Available physical RAM: 5593.64 MB
Total Pagefile: 9287.27 MB
Available Pagefile: 6364.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:110.98 GB) (Free:78.13 GB) NTFS
Drive d: (Data) (Fixed) (Total:677.66 GB) (Free:677.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 181F8758)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 181F8758)

Partition: GPT Partition Type.

==================== End Of Log ============================

--- --- ---

cosinus · 10.12.2014, 00:09

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

matsch · 10.12.2014, 20:16

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 01
Ran by matsch at 2014-12-10 19:39:48 Run:1
Running from D:\
Loaded Profile: matsch (Available profiles: UpdatusUser & matsch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
Hosts:
*****************

"HKU\S-1-5-21-3495729476-3499689536-3439204416-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Nach dem Reboot waren alle Sachen bei Firefox gelöscht, Passwörter, Cookies, Lesezeichen ... macht das Sinn?

cosinus · 11.12.2014, 09:04

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

matsch · 12.12.2014, 19:11

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 12/12/2014
Suchlauf-Zeit: 17:18:43
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.12.05
Rootkit Datenbank: v2014.12.08.03
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: matsch

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 386560
Verstrichene Zeit: 8 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d6ef36bde870734c97be7fe32d8bfb99
# engine=21527
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-12 05:49:47
# local_time=2014-12-12 06:49:47 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 173006 6851127 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 2460024 8710906 0 0
# scanned=207530
# found=1
# cleaned=0
# scan_time=4122
sh=F659145EC3AE2128DFD51FAE8128EC7932C0726F ft=1 fh=cce1d111b935f89a vn="NSIS/StartPage.CC Trojaner" ac=I fn="D:\vlc-2.1.5-win32.exe"

cosinus · 13.12.2014, 00:44

Nur Müll

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

matsch · 15.12.2014, 19:45

Hallo Cosinus,

vielen lieben Dank für deinen Einsatz und die Tips!

Ich weiss nicht ob das auch dein Fachgebiet ist, aber die verschwundenen Eigenen Dateien sind leider nicht wieder aufgetaucht. Weisst du ob ein Zusammenhang zwischen den Schädlingen um dem Verschwinden bestehen kann?

Hast du sonst vielleicht eine Idee, woran es liegen könnte?

Schönen Abend noch!
Matsch

07.12.2014, 17:27	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	[Windows 8.1] "Eigene Dateien" verschwunden FRST.txt fehlt __________________ Logfiles bitte immer in CODE-Tags posten

09.12.2014, 00:48	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	[Windows 8.1] "Eigene Dateien" verschwunden Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. __________________ Logfiles bitte immer in CODE-Tags posten

[Windows 8.1] "Eigene Dateien" verschwunden

Plagegeister aller Art und deren Bekämpfung: [Windows 8.1] "Eigene Dateien" verschwunden