Pests of all kinds and how to fight them: I can't open any programs anymore (Windows 7). If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
30.01.2015, 12:07 | #16 |
| I can't open any programs anymore. Here is the fix list. Yes, it is installed, and it showed me this after the download. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by ar-sports (administrator) on AR-SPORTS-PC on 30-01-2015 09:04:18 Running from C:\Users\ar-sports\Downloads\FRST-OlderVersion Loaded Profiles: UpdatusUser & ar-sports (Available profiles: UpdatusUser & ar-sports) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe () C:\Program Files (x86)\Media remote\Media remote.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (CyberLink Corp.) 
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor) HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [Media remote] => C:\Program Files (x86)\Media remote\Media remote.exe [1535000 2011-05-18] () HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-02-01] (May Software) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.) 
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe [184880 2011-07-13] (Egis Technology Inc. ) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1885043606-201990974-2310804300-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] () HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.) HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation) AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> {0717C853-92C3-0B8F-FF07-6E168161B86D} URL = BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.17.100 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt [2011-09-10] FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\Acer Bio Protection\FFExt20 FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt20 [2011-09-10] FF HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Firefox\Extensions: [{284fed43-2e13-4afe-8aeb-50827d510e20}] - C:\Program Files (x86)\Re-markit\135.xpi Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-21] CHR Extension: (Google Drive) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21] CHR Extension: (Google-Suche) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21] CHR Extension: (Google Wallet) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21] CHR Extension: (Google Mail) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [240112 2011-10-28] (CyberLink) S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [103608 2014-04-11] () [File not signed] S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-11] () [File not signed] S3 Cwbrxd; C:\Windows\CWBRXD.EXE [57344 2005-06-09] (IBM Corporation) [File not signed] R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [307760 2011-07-13] (Egis Technology Inc. 
) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-08-07] (WildTangent) R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-18] () R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2011-01-18] (Intel(R) Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 09:03 - 2015-01-30 09:03 - 00004051 _____ () C:\Users\ar-sports\Desktop\Fixlist.txt 2015-01-29 23:49 - 2015-01-29 23:50 - 00000000 ____D () C:\13508aa44d652281d0ffe991 2015-01-29 20:30 - 2015-01-29 20:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Bildcomputer 2015-01-29 20:15 - 2015-01-30 09:04 - 00000000 ____D () C:\Users\ar-sports\Downloads\FRST-OlderVersion 2015-01-29 20:15 - 2015-01-29 20:16 - 00039047 _____ () C:\Users\ar-sports\Downloads\FRST.txt 2015-01-29 20:15 - 2015-01-29 20:16 - 00031322 _____ () C:\Users\ar-sports\Downloads\Addition.txt 2015-01-29 20:07 - 2015-01-29 20:07 - 00852573 _____ () C:\Users\ar-sports\Desktop\SecurityCheck.exe 2015-01-29 15:24 - 2015-01-29 15:24 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - ccfcbbb1da5f42e29333bd39eac1e2ab07e06d474b3648d0af4f25925603686c 2015-01-29 08:53 - 2015-01-29 08:53 - 01707939 _____ (Thisisu) C:\Users\ar-sports\Desktop\JRT.exe 2015-01-29 08:40 - 2015-01-29 08:40 - 02194432 _____ () C:\Users\ar-sports\Desktop\AdwCleaner_4.109.exe 2015-01-29 07:49 - 2015-01-30 07:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-29 07:49 - 
2015-01-29 07:49 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-29 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-29 07:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-29 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-29 07:47 - 2015-01-29 07:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ar-sports\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-28 23:50 - 2015-01-28 23:51 - 00000000 ____D () C:\e5af0b43c0ead705e8f5a70b8555 2015-01-28 19:15 - 2015-01-28 19:15 - 00033772 _____ () C:\ComboFix.txt 2015-01-28 18:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-28 18:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-28 18:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-28 18:55 - 2015-01-28 19:15 - 00000000 ____D () C:\Qoobox 2015-01-28 18:55 - 2015-01-28 19:14 - 00000000 ____D () C:\Windows\erdnt 2015-01-28 18:54 - 2015-01-28 18:54 - 05610841 ____R (Swearware) C:\Users\ar-sports\Desktop\ComboFix.exe 2015-01-28 18:23 - 2015-01-28 18:23 - 00001268 _____ () C:\Users\ar-sports\Desktop\Revo Uninstaller.lnk 2015-01-28 18:23 - 
2015-01-28 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-28 18:22 - 2015-01-28 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ar-sports\Downloads\revosetup95.exe 2015-01-28 13:28 - 2015-01-28 13:29 - 00000000 ____D () C:\9a8479723a599ea3c91ede 2015-01-28 08:42 - 2015-01-28 08:43 - 00000000 ____D () C:\5ec6513707ea3739629bac1bb9e073 2015-01-28 04:09 - 2015-01-30 09:04 - 00000000 ____D () C:\FRST 2015-01-28 00:01 - 2015-01-28 00:01 - 00000000 ____D () C:\8ed94f21db07ead1de5b4b47817232 2015-01-27 18:52 - 2015-01-29 20:15 - 02130432 _____ (Farbar) C:\Users\ar-sports\Downloads\FRST64.exe 2015-01-26 23:45 - 2015-01-26 23:46 - 00000000 ____D () C:\260044cb1e8dfa06e556a3b12f3868 2015-01-25 23:47 - 2015-01-25 23:48 - 00000000 ____D () C:\abd2c10a63f765a5b5741677 2015-01-25 21:20 - 2015-01-25 21:20 - 00001861 _____ () C:\Users\ar-sports\Desktop\UseNeXT by Tangysoft.lnk 2015-01-25 21:20 - 2015-01-25 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2015-01-25 21:06 - 2015-01-25 21:06 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\ar-sports\Downloads\UseNeXTSetup_5.64.exe 2015-01-25 14:25 - 2015-01-25 14:31 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Samsung 2015-01-25 14:25 - 2015-01-25 14:25 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch 2015-01-25 13:56 - 2015-01-30 08:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\8908D6CF-FA27-41F6-911D-151CEE0547DD.aplzod 2015-01-25 13:38 - 2015-01-25 13:39 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup (1).exe 2015-01-25 13:34 - 2015-01-25 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-01-25 13:31 - 2015-01-25 13:33 - 71647536 _____ (Apple Inc.) 
C:\Users\ar-sports\Downloads\icloudsetup.exe
2015-01-25 00:09 - 2015-01-25 00:10 - 00000000 ____D () C:\567f23d61e19196654ff15f6d11c7d
2015-01-24 00:13 - 2015-01-24 00:13 - 00000000 ____D () C:\7b97ffe15426a80f1fa531e9
2015-01-23 00:05 - 2015-01-23 00:06 - 00000000 ____D () C:\89cf8cad9273348b3978
2015-01-21 23:56 - 2015-01-21 23:57 - 00000000 ____D () C:\e8d3e4ba50f785c1c8
2015-01-21 17:14 - 2015-01-21 17:14 - 00000891 _____ () C:\Users\ar-sports\Desktop\iPhone von Andi - Verknüpfung.lnk
2015-01-21 17:05 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-21 16:39 - 2015-01-21 17:05 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-21 16:39 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-21 16:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files\iTunes
2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-21 16:38 - 2015-01-21 16:38 - 00000000 ____D () C:\Program Files\iPod
2015-01-21 16:33 - 2015-01-21 16:36 - 122418480 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\iTunes64Setup (1).exe
2015-01-20 23:29 - 2015-01-20 23:30 - 00000000 ____D () C:\e8bd0b5a87fe32c4ee
2015-01-19 23:13 - 2015-01-19 23:13 - 00000000 ____D () C:\5e7e451a0cf836eaaab73e2081786c
2015-01-19 17:07 - 2015-01-19 17:08 - 00000000 ____D () C:\8249325112d6e9bc1f611f
2015-01-14 22:30 - 2015-01-14 22:30 - 00013844 _____ () C:\Users\ar-sports\Documents\Kopie von Logistikaufstellung DAVID 2015.xlsx
2015-01-14 08:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 16:36 - 2015-01-13 16:36 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - b39ff3e4de754a48ad14dfb13da642efb9b0e44ec9ba4f87be1144be0cdef85e

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 08:57 - 2012-04-18 13:58 - 00000000 ____D () C:\Users\ar-sports\Documents\Outlook-Dateien
2015-01-30 08:51 - 2012-11-21 08:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 08:31 - 2013-04-25 18:45 - 00000000 ____D () C:\Users\ar-sports\Desktop\Nürburgring
2015-01-30 08:20 - 2011-09-10 02:35 - 02014907 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 08:17 - 2012-08-12 20:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 07:01 - 2013-11-23 15:51 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-30 07:01 - 2012-11-21 08:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 07:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 07:01 - 2009-07-14 05:51 - 00140897 _____ () C:\Windows\setupact.log
2015-01-29 17:02 - 2014-10-16 12:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Schneeräumen
2015-01-29 08:45 - 2010-11-21 04:47 - 00433990 _____ () C:\Windows\PFRO.log
2015-01-29 08:44 - 2013-11-12 18:51 - 00000000 ____D () C:\AdwCleaner
2015-01-29 08:38 - 2014-12-27 15:54 - 00000000 ____D () C:\Users\ar-sports\Desktop\Autos
2015-01-29 07:49 - 2013-11-12 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 19:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-27 22:30 - 2012-07-12 20:12 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\vlc
2015-01-27 18:06 - 2011-09-10 12:28 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2015-01-27 18:06 - 2011-09-10 12:28 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2015-01-27 18:06 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 07:53 - 2014-01-21 08:03 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 21:20 - 2012-04-19 11:31 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2015-01-25 21:18 - 2012-04-18 17:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\UseNeXT
2015-01-25 21:13 - 2013-05-05 13:49 - 00000000 ____D () C:\Program Files (x86)\Racelogic
2015-01-25 15:47 - 2012-05-12 12:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Dropbox
2015-01-25 14:53 - 2012-05-28 09:20 - 00012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-25 13:56 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Apple Computer
2015-01-25 13:41 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Apple Computer
2015-01-25 13:33 - 2013-11-04 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-24 23:17 - 2012-08-12 20:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 23:17 - 2012-04-19 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 23:17 - 2011-08-03 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 09:18 - 2014-02-02 13:39 - 00000000 ____D () C:\Users\ar-sports\Desktop\DavidMedien
2015-01-22 08:30 - 2012-05-12 13:01 - 00000000 ___RD () C:\Users\ar-sports\Dropbox
2015-01-21 16:38 - 2013-11-04 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-21 16:30 - 2013-11-04 10:47 - 00000000 ____D () C:\ProgramData\Apple
2015-01-21 15:28 - 2014-11-24 16:17 - 00001996 ____H () C:\Users\ar-sports\Documents\Default.rdp
2015-01-21 15:23 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-19 20:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 20:22 - 2012-04-17 16:01 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-16 23:06 - 2012-04-18 17:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Adobe
2015-01-16 21:02 - 2014-12-09 22:17 - 00000000 ____D () C:\Users\ar-sports\Desktop\Chris25
2015-01-16 00:08 - 2014-12-14 11:51 - 00000000 ____D () C:\Users\ar-sports\Desktop\AudiS3
2015-01-15 00:22 - 2013-08-14 22:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 00:18 - 2012-04-18 07:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:45 - 2014-07-27 16:55 - 00000000 ____D () C:\Users\ar-sports\Desktop\Aufträge_David
2015-01-13 14:31 - 2014-12-03 13:55 - 00000000 ____D () C:\ZR-Excelsicherung
2015-01-11 15:10 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-05-28 09:20 - 2015-01-25 14:53 - 0012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-06 14:15 - 2014-08-06 14:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-09-10 03:09 - 2012-04-18 15:35 - 0013715 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some content of TEMP:
====================
C:\Users\ar-sports\AppData\Local\Temp\avgnt.exe
C:\Users\ar-sports\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 10:02

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---
C:\Users\ar-sports\Downloads\icloudsetup.exe 2015-01-25 00:09 - 2015-01-25 00:10 - 00000000 ____D () C:\567f23d61e19196654ff15f6d11c7d 2015-01-24 00:13 - 2015-01-24 00:13 - 00000000 ____D () C:\7b97ffe15426a80f1fa531e9 2015-01-23 00:05 - 2015-01-23 00:06 - 00000000 ____D () C:\89cf8cad9273348b3978 2015-01-21 23:56 - 2015-01-21 23:57 - 00000000 ____D () C:\e8d3e4ba50f785c1c8 2015-01-21 17:14 - 2015-01-21 17:14 - 00000891 _____ () C:\Users\ar-sports\Desktop\iPhone von Andi - Verknüpfung.lnk 2015-01-21 17:05 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-21 16:39 - 2015-01-21 17:05 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-01-21 16:39 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-21 16:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files\iTunes 2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-21 16:38 - 2015-01-21 16:38 - 00000000 ____D () C:\Program Files\iPod 2015-01-21 16:33 - 2015-01-21 16:36 - 122418480 _____ (Apple Inc.) 
C:\Users\ar-sports\Downloads\iTunes64Setup (1).exe 2015-01-20 23:29 - 2015-01-20 23:30 - 00000000 ____D () C:\e8bd0b5a87fe32c4ee 2015-01-19 23:13 - 2015-01-19 23:13 - 00000000 ____D () C:\5e7e451a0cf836eaaab73e2081786c 2015-01-19 17:07 - 2015-01-19 17:08 - 00000000 ____D () C:\8249325112d6e9bc1f611f 2015-01-14 22:30 - 2015-01-14 22:30 - 00013844 _____ () C:\Users\ar-sports\Documents\Kopie von Logistikaufstellung DAVID 2015.xlsx 2015-01-14 08:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 08:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 08:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 08:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 08:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 08:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 08:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 08:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 08:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 08:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 08:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 08:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 08:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 16:36 - 2015-01-13 16:36 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 
b39ff3e4de754a48ad14dfb13da642efb9b0e44ec9ba4f87be1144be0cdef85e ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 08:57 - 2012-04-18 13:58 - 00000000 ____D () C:\Users\ar-sports\Documents\Outlook-Dateien 2015-01-30 08:51 - 2012-11-21 08:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-30 08:31 - 2013-04-25 18:45 - 00000000 ____D () C:\Users\ar-sports\Desktop\Nürburgring 2015-01-30 08:20 - 2011-09-10 02:35 - 02014907 _____ () C:\Windows\WindowsUpdate.log 2015-01-30 08:17 - 2012-08-12 20:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-30 07:01 - 2013-11-23 15:51 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-01-30 07:01 - 2012-11-21 08:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-30 07:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-30 07:01 - 2009-07-14 05:51 - 00140897 _____ () C:\Windows\setupact.log 2015-01-29 17:02 - 2014-10-16 12:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Schneeräumen 2015-01-29 08:45 - 2010-11-21 04:47 - 00433990 _____ () C:\Windows\PFRO.log 2015-01-29 08:44 - 2013-11-12 18:51 - 00000000 ____D () C:\AdwCleaner 2015-01-29 08:38 - 2014-12-27 15:54 - 00000000 ____D () C:\Users\ar-sports\Desktop\Autos 2015-01-29 07:49 - 2013-11-12 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-28 19:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-27 22:30 - 2012-07-12 20:12 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\vlc 2015-01-27 18:06 - 2011-09-10 12:28 - 00703230 _____ 
() C:\Windows\system32\perfh007.dat 2015-01-27 18:06 - 2011-09-10 12:28 - 00150838 _____ () C:\Windows\system32\perfc007.dat 2015-01-27 18:06 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-27 07:53 - 2014-01-21 08:03 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-25 21:20 - 2012-04-19 11:31 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2015-01-25 21:18 - 2012-04-18 17:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\UseNeXT 2015-01-25 21:13 - 2013-05-05 13:49 - 00000000 ____D () C:\Program Files (x86)\Racelogic 2015-01-25 15:47 - 2012-05-12 12:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Dropbox 2015-01-25 14:53 - 2012-05-28 09:20 - 00012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-25 13:56 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Apple Computer 2015-01-25 13:41 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Apple Computer 2015-01-25 13:33 - 2013-11-04 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-24 23:17 - 2012-08-12 20:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-24 23:17 - 2012-04-19 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-24 23:17 - 2011-08-03 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 09:18 - 2014-02-02 13:39 - 00000000 ____D () C:\Users\ar-sports\Desktop\DavidMedien 2015-01-22 08:30 - 2012-05-12 13:01 - 00000000 ___RD () C:\Users\ar-sports\Dropbox 2015-01-21 16:38 - 2013-11-04 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-21 16:30 - 2013-11-04 10:47 - 00000000 ____D () C:\ProgramData\Apple 2015-01-21 15:28 - 2014-11-24 16:17 - 00001996 ____H () C:\Users\ar-sports\Documents\Default.rdp 2015-01-21 15:23 - 2009-07-14 06:32 - 00000000 ____D () 
C:\Windows\system32\FxsTmp 2015-01-19 20:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-19 20:22 - 2012-04-17 16:01 - 00000000 ____D () C:\ProgramData\clear.fi 2015-01-16 23:06 - 2012-04-18 17:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Adobe 2015-01-16 21:02 - 2014-12-09 22:17 - 00000000 ____D () C:\Users\ar-sports\Desktop\Chris25 2015-01-16 00:08 - 2014-12-14 11:51 - 00000000 ____D () C:\Users\ar-sports\Desktop\AudiS3 2015-01-15 00:22 - 2013-08-14 22:18 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 00:18 - 2012-04-18 07:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 19:45 - 2014-07-27 16:55 - 00000000 ____D () C:\Users\ar-sports\Desktop\Aufträge_David 2015-01-13 14:31 - 2014-12-03 13:55 - 00000000 ____D () C:\ZR-Excelsicherung 2015-01-11 15:10 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2012-05-28 09:20 - 2015-01-25 14:53 - 0012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-06 14:15 - 2014-08-06 14:15 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-09-10 03:09 - 2012-04-18 15:35 - 0013715 _____ () C:\ProgramData\ArcadeDeluxe5.log Some content of TEMP: ==================== C:\Users\ar-sports\AppData\Local\Temp\avgnt.exe C:\Users\ar-sports\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 10:02 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- ---
I tried it again and saved the txt to the desktop. But FRST won't let me run a fix anymore. No Fixlist found?
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by ar-sports (administrator) on AR-SPORTS-PC on 30-01-2015 09:04:18 Running from C:\Users\ar-sports\Downloads\FRST-OlderVersion Loaded Profiles: UpdatusUser & ar-sports (Available profiles: UpdatusUser & ar-sports) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe () C:\Program Files (x86)\Media remote\Media remote.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (CyberLink Corp.) 
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor) HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2011-01-18] (Intel(R) Corporation) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [Media remote] => C:\Program Files (x86)\Media remote\Media remote.exe [1535000 2011-05-18] () HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe [443392 2013-02-01] (May Software) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1070160 2011-02-11] (Dritek System Inc.) 
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe [184880 2011-07-13] (Egis Technology Inc. ) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1885043606-201990974-2310804300-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] () HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.) HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation) AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\ar-sports\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1885043606-201990974-2310804300-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1885043606-201990974-2310804300-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> {0717C853-92C3-0B8F-FF07-6E168161B86D} URL = BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-1885043606-201990974-2310804300-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.17.100 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt [2011-09-10] FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\Acer Bio Protection\FFExt20 FF Extension: Password Bank Extension - C:\Program Files (x86)\Acer Bio Protection\FFExt20 [2011-09-10] FF HKU\S-1-5-21-1885043606-201990974-2310804300-1001\...\Firefox\Extensions: [{284fed43-2e13-4afe-8aeb-50827d510e20}] - C:\Program Files (x86)\Re-markit\135.xpi Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-21] CHR Extension: (Google Drive) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-21] CHR Extension: (Google-Suche) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-21] CHR Extension: (Google Wallet) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21] CHR Extension: (Google Mail) - C:\Users\ar-sports\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-21] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) S2 CLKMSVC10_34E30CCC; C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [240112 2011-10-28] (CyberLink) S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [103608 2014-04-11] () [File not signed] S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2014-04-11] () [File not signed] S3 Cwbrxd; C:\Windows\CWBRXD.EXE [57344 2005-06-09] (IBM Corporation) [File not signed] R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [307760 2011-07-13] (Egis Technology Inc. 
) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-08-07] (WildTangent) R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-18] () R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2011-01-18] (Intel(R) Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 09:03 - 2015-01-30 09:03 - 00004051 _____ () C:\Users\ar-sports\Desktop\Fixlist.txt 2015-01-29 23:49 - 2015-01-29 23:50 - 00000000 ____D () C:\13508aa44d652281d0ffe991 2015-01-29 20:30 - 2015-01-29 20:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Bildcomputer 2015-01-29 20:15 - 2015-01-30 09:04 - 00000000 ____D () C:\Users\ar-sports\Downloads\FRST-OlderVersion 2015-01-29 20:15 - 2015-01-29 20:16 - 00039047 _____ () C:\Users\ar-sports\Downloads\FRST.txt 2015-01-29 20:15 - 2015-01-29 20:16 - 00031322 _____ () C:\Users\ar-sports\Downloads\Addition.txt 2015-01-29 20:07 - 2015-01-29 20:07 - 00852573 _____ () C:\Users\ar-sports\Desktop\SecurityCheck.exe 2015-01-29 15:24 - 2015-01-29 15:24 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - ccfcbbb1da5f42e29333bd39eac1e2ab07e06d474b3648d0af4f25925603686c 2015-01-29 08:53 - 2015-01-29 08:53 - 01707939 _____ (Thisisu) C:\Users\ar-sports\Desktop\JRT.exe 2015-01-29 08:40 - 2015-01-29 08:40 - 02194432 _____ () C:\Users\ar-sports\Desktop\AdwCleaner_4.109.exe 2015-01-29 07:49 - 2015-01-30 07:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-29 07:49 - 
2015-01-29 07:49 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-29 07:49 - 2015-01-29 07:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-29 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-29 07:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-29 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-29 07:47 - 2015-01-29 07:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ar-sports\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-28 23:50 - 2015-01-28 23:51 - 00000000 ____D () C:\e5af0b43c0ead705e8f5a70b8555 2015-01-28 19:15 - 2015-01-28 19:15 - 00033772 _____ () C:\ComboFix.txt 2015-01-28 18:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-28 18:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-28 18:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-28 18:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-28 18:55 - 2015-01-28 19:15 - 00000000 ____D () C:\Qoobox 2015-01-28 18:55 - 2015-01-28 19:14 - 00000000 ____D () C:\Windows\erdnt 2015-01-28 18:54 - 2015-01-28 18:54 - 05610841 ____R (Swearware) C:\Users\ar-sports\Desktop\ComboFix.exe 2015-01-28 18:23 - 2015-01-28 18:23 - 00001268 _____ () C:\Users\ar-sports\Desktop\Revo Uninstaller.lnk 2015-01-28 18:23 - 
2015-01-28 18:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-28 18:22 - 2015-01-28 18:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\ar-sports\Downloads\revosetup95.exe 2015-01-28 13:28 - 2015-01-28 13:29 - 00000000 ____D () C:\9a8479723a599ea3c91ede 2015-01-28 08:42 - 2015-01-28 08:43 - 00000000 ____D () C:\5ec6513707ea3739629bac1bb9e073 2015-01-28 04:09 - 2015-01-30 09:04 - 00000000 ____D () C:\FRST 2015-01-28 00:01 - 2015-01-28 00:01 - 00000000 ____D () C:\8ed94f21db07ead1de5b4b47817232 2015-01-27 18:52 - 2015-01-29 20:15 - 02130432 _____ (Farbar) C:\Users\ar-sports\Downloads\FRST64.exe 2015-01-26 23:45 - 2015-01-26 23:46 - 00000000 ____D () C:\260044cb1e8dfa06e556a3b12f3868 2015-01-25 23:47 - 2015-01-25 23:48 - 00000000 ____D () C:\abd2c10a63f765a5b5741677 2015-01-25 21:20 - 2015-01-25 21:20 - 00001861 _____ () C:\Users\ar-sports\Desktop\UseNeXT by Tangysoft.lnk 2015-01-25 21:20 - 2015-01-25 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT 2015-01-25 21:06 - 2015-01-25 21:06 - 05270008 _____ (Tangysoft Ltd. ) C:\Users\ar-sports\Downloads\UseNeXTSetup_5.64.exe 2015-01-25 14:25 - 2015-01-25 14:31 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Samsung 2015-01-25 14:25 - 2015-01-25 14:25 - 00000000 ____D () C:\Users\Public\Documents\SmartSwitch 2015-01-25 13:56 - 2015-01-30 08:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\8908D6CF-FA27-41F6-911D-151CEE0547DD.aplzod 2015-01-25 13:38 - 2015-01-25 13:39 - 71647536 _____ (Apple Inc.) C:\Users\ar-sports\Downloads\icloudsetup (1).exe 2015-01-25 13:34 - 2015-01-25 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-01-25 13:31 - 2015-01-25 13:33 - 71647536 _____ (Apple Inc.) 
C:\Users\ar-sports\Downloads\icloudsetup.exe 2015-01-25 00:09 - 2015-01-25 00:10 - 00000000 ____D () C:\567f23d61e19196654ff15f6d11c7d 2015-01-24 00:13 - 2015-01-24 00:13 - 00000000 ____D () C:\7b97ffe15426a80f1fa531e9 2015-01-23 00:05 - 2015-01-23 00:06 - 00000000 ____D () C:\89cf8cad9273348b3978 2015-01-21 23:56 - 2015-01-21 23:57 - 00000000 ____D () C:\e8d3e4ba50f785c1c8 2015-01-21 17:14 - 2015-01-21 17:14 - 00000891 _____ () C:\Users\ar-sports\Desktop\iPhone von Andi - Verknüpfung.lnk 2015-01-21 17:05 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-21 16:39 - 2015-01-21 17:05 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-01-21 16:39 - 2015-01-21 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-21 16:39 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files\iTunes 2015-01-21 16:38 - 2015-01-21 16:39 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-01-21 16:38 - 2015-01-21 16:38 - 00000000 ____D () C:\Program Files\iPod 2015-01-21 16:33 - 2015-01-21 16:36 - 122418480 _____ (Apple Inc.) 
C:\Users\ar-sports\Downloads\iTunes64Setup (1).exe 2015-01-20 23:29 - 2015-01-20 23:30 - 00000000 ____D () C:\e8bd0b5a87fe32c4ee 2015-01-19 23:13 - 2015-01-19 23:13 - 00000000 ____D () C:\5e7e451a0cf836eaaab73e2081786c 2015-01-19 17:07 - 2015-01-19 17:08 - 00000000 ____D () C:\8249325112d6e9bc1f611f 2015-01-14 22:30 - 2015-01-14 22:30 - 00013844 _____ () C:\Users\ar-sports\Documents\Kopie von Logistikaufstellung DAVID 2015.xlsx 2015-01-14 08:34 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 08:34 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 08:34 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 08:34 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 08:34 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 08:34 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 08:34 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 08:34 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 08:34 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 08:34 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 08:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 08:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 08:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 16:36 - 2015-01-13 16:36 - 00003560 _____ () C:\Windows\System32\Tasks\HP AR Program Upload - 
b39ff3e4de754a48ad14dfb13da642efb9b0e44ec9ba4f87be1144be0cdef85e ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 08:57 - 2012-04-18 13:58 - 00000000 ____D () C:\Users\ar-sports\Documents\Outlook-Dateien 2015-01-30 08:51 - 2012-11-21 08:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-30 08:31 - 2013-04-25 18:45 - 00000000 ____D () C:\Users\ar-sports\Desktop\Nürburgring 2015-01-30 08:20 - 2011-09-10 02:35 - 02014907 _____ () C:\Windows\WindowsUpdate.log 2015-01-30 08:17 - 2012-08-12 20:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-30 07:10 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-30 07:01 - 2013-11-23 15:51 - 00000000 ____D () C:\ProgramData\boost_interprocess 2015-01-30 07:01 - 2012-11-21 08:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-30 07:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-30 07:01 - 2009-07-14 05:51 - 00140897 _____ () C:\Windows\setupact.log 2015-01-29 17:02 - 2014-10-16 12:31 - 00000000 ____D () C:\Users\ar-sports\Desktop\Schneeräumen 2015-01-29 08:45 - 2010-11-21 04:47 - 00433990 _____ () C:\Windows\PFRO.log 2015-01-29 08:44 - 2013-11-12 18:51 - 00000000 ____D () C:\AdwCleaner 2015-01-29 08:38 - 2014-12-27 15:54 - 00000000 ____D () C:\Users\ar-sports\Desktop\Autos 2015-01-29 07:49 - 2013-11-12 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-28 19:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-27 22:30 - 2012-07-12 20:12 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\vlc 2015-01-27 18:06 - 2011-09-10 12:28 - 00703230 _____ 
() C:\Windows\system32\perfh007.dat 2015-01-27 18:06 - 2011-09-10 12:28 - 00150838 _____ () C:\Windows\system32\perfc007.dat 2015-01-27 18:06 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-27 07:53 - 2014-01-21 08:03 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-25 21:20 - 2012-04-19 11:31 - 00000000 ____D () C:\Program Files (x86)\UseNeXT 2015-01-25 21:18 - 2012-04-18 17:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\UseNeXT 2015-01-25 21:13 - 2013-05-05 13:49 - 00000000 ____D () C:\Program Files (x86)\Racelogic 2015-01-25 15:47 - 2012-05-12 12:59 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Dropbox 2015-01-25 14:53 - 2012-05-28 09:20 - 00012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-25 13:56 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Roaming\Apple Computer 2015-01-25 13:41 - 2013-11-04 10:51 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Apple Computer 2015-01-25 13:33 - 2013-11-04 10:48 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-24 23:17 - 2012-08-12 20:44 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-24 23:17 - 2012-04-19 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-24 23:17 - 2011-08-03 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 09:18 - 2014-02-02 13:39 - 00000000 ____D () C:\Users\ar-sports\Desktop\DavidMedien 2015-01-22 08:30 - 2012-05-12 13:01 - 00000000 ___RD () C:\Users\ar-sports\Dropbox 2015-01-21 16:38 - 2013-11-04 10:50 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-21 16:30 - 2013-11-04 10:47 - 00000000 ____D () C:\ProgramData\Apple 2015-01-21 15:28 - 2014-11-24 16:17 - 00001996 ____H () C:\Users\ar-sports\Documents\Default.rdp 2015-01-21 15:23 - 2009-07-14 06:32 - 00000000 ____D () 
C:\Windows\system32\FxsTmp 2015-01-19 20:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-19 20:22 - 2012-04-17 16:01 - 00000000 ____D () C:\ProgramData\clear.fi 2015-01-16 23:06 - 2012-04-18 17:56 - 00000000 ____D () C:\Users\ar-sports\AppData\Local\Adobe 2015-01-16 21:02 - 2014-12-09 22:17 - 00000000 ____D () C:\Users\ar-sports\Desktop\Chris25 2015-01-16 00:08 - 2014-12-14 11:51 - 00000000 ____D () C:\Users\ar-sports\Desktop\AudiS3 2015-01-15 00:22 - 2013-08-14 22:18 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 00:18 - 2012-04-18 07:09 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 19:45 - 2014-07-27 16:55 - 00000000 ____D () C:\Users\ar-sports\Desktop\Aufträge_David 2015-01-13 14:31 - 2014-12-03 13:55 - 00000000 ____D () C:\ZR-Excelsicherung 2015-01-11 15:10 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2012-05-28 09:20 - 2015-01-25 14:53 - 0012288 _____ () C:\Users\ar-sports\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-06 14:15 - 2014-08-06 14:15 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-09-10 03:09 - 2012-04-18 15:35 - 0013715 _____ () C:\ProgramData\ArcadeDeluxe5.log Some content of TEMP: ==================== C:\Users\ar-sports\AppData\Local\Temp\avgnt.exe C:\Users\ar-sports\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-24 10:02 ==================== End Of Log ============================ --- --- --- /CODE]
Sorry if these are now there two or three times over.. |
30.01.2015, 14:28 | #17 | |
/// the machine /// TB-Ausbilder | I can no longer open any programs Quote:
Download FRST again, to the desktop, then the fixlist will work too. What about the error messages after a restart?
__________________ |
31.01.2015, 09:46 | #18 |
| I can no longer open any programs OK, now for real...
I downloaded it again to the desktop, but unfortunately the error messages popped up again on restart...
[CODE][Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015 Ran by ar-sports at 2015-01-30 15:27:33 Run:1 Running from C:\Users\ar-sports\Desktop Loaded Profiles: UpdatusUser & ar-sports (Available profiles: UpdatusUser & ar-sports) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Desktop\FreeVideoDub1810.exe C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Conduit\CT1351351\Softonic_DeutschAutoUpdaterHelper.exe C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2269050\DVDVideoSoftTBAutoUpdaterHelper.exe C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\ldrtbDVD0.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\ldrtbDVD2.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVD0.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVD1.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVD2.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale 
Einstellungen\Anwendungsdaten\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\ldrtbSof0.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\tbSof0.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\tbSof1.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\tbSof2.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Temp\GLF11.tmp.tbDVDV.dll C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Temp\Softonic_Deutsch.exe C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Temp\ToolbarUpdater_1289802965\autoUpdater.exe C:\Users\ar-sports\Desktop\alteplatte\Programme\Conduit\Community Alerts\Alert.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\Conduit\Community Alerts\Alert0.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\Conduit\Community Alerts\Alert1.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\ConduitEngine\ConduitEngin0.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\ConduitEngine\ConduitEngine.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\ldrtbDVD0.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\ldrtbDVD2.dll 
C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\prxtbDVD2.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\tbDVD1.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\tbDVD2.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\tbDVDV.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\Softonic_Deutsch\ldrtbSof0.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\Softonic_Deutsch\tbSof1.dll C:\Users\ar-sports\Desktop\alteplatte\Programme\Softonic_Deutsch\tbSoft.dll Emptytemp: ***************** C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Desktop\FreeVideoDub1810.exe => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Conduit\CT1351351\Softonic_DeutschAutoUpdaterHelper.exe => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Conduit\CT2269050\DVDVideoSoftTBAutoUpdaterHelper.exe => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\ldrtbDVD0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\ldrtbDVD2.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVD0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVD1.dll => Moved successfully. 
C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\tbDVD2.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\ldrtbSof0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\tbSof0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\tbSof1.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\tbSof2.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Anwendungsdaten\Softonic_Deutsch\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Temp\GLF11.tmp.tbDVDV.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Temp\Softonic_Deutsch.exe => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Dokumente und Einstellungen\-\Lokale Einstellungen\Temp\ToolbarUpdater_1289802965\autoUpdater.exe => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\Conduit\Community Alerts\Alert.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\Conduit\Community Alerts\Alert0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\Conduit\Community Alerts\Alert1.dll => Moved successfully. 
C:\Users\ar-sports\Desktop\alteplatte\Programme\ConduitEngine\ConduitEngin0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\ConduitEngine\ConduitEngine.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\ldrtbDVD0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\ldrtbDVD2.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\prxtbDVD2.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\tbDVD1.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\tbDVD2.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\DVDVideoSoftTB\tbDVDV.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\Softonic_Deutsch\ldrtbSof0.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\Softonic_Deutsch\tbSof1.dll => Moved successfully. C:\Users\ar-sports\Desktop\alteplatte\Programme\Softonic_Deutsch\tbSoft.dll => Moved successfully. EmptyTemp: => Removed 2.5 GB temporary data. The system needed a reboot. ==== End of Fixlog 15:31:13 ====/CODE]
Hello Schrauber, here is one more piece of information that may be relevant. Every time I shut down the computer, the message "Do not turn off your computer, installing update 1 of 1....." appears. It appears every time! Updates used to come about every 2-4 weeks, and then several at once. Once the computer has booted, after about 3-4 minutes the prompt "Java Auto Updater: Do you want to allow the following program to blah blah blah....." appears. I have confirmed with yes or with no etc., but the question keeps coming back.. |
31.01.2015, 13:36 | #19 |
/// the machine /// TB-Ausbilder | I can no longer open any programs The .NET Framework errors still appear even though the framework is now installed?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.01.2015, 19:31 | #20 |
| I can no longer open any programs Unfortunately no improvement. Everything as before :-( |
01.02.2015, 10:02 | #21 |
/// the machine /// TB-Ausbilder | I can no longer open any programs Do you have a Windows disc at hand?
01.02.2015, 12:35 | #22 |
| I can no longer open any programs What do you mean by Windows disc?? |
01.02.2015, 17:07 | #23 |
/// the machine /// TB-Ausbilder | I can no longer open any programs Well, the Windows DVD
01.02.2015, 17:43 | #24 |
| I can no longer open any programs Oh, a DVD. Sorry, I just called the person who sold me the laptop and set it up, and he said Windows was preinstalled. |
01.02.2015, 19:43 | #25 |
/// the machine /// TB-Ausbilder | I can no longer open any programs
01.02.2015, 19:43 | #26 |
/// the machine /// TB-Ausbilder | I can no longer open any programs
02.02.2015, 17:41 | #27 |
| I can no longer open any programs Hello Schrauber, the DVD is ready. This is only about a repair and not a complete reinstallation, right? Otherwise I have to back up all my data.. |
02.02.2015, 21:17 | #28 |
/// the machine /// TB-Ausbilder | I can no longer open any programs
02.02.2015, 22:23 | #29 |
| I can no longer open any programs Hm, well, I hope what I downloaded there is the right thing?? I press Boot and then the following comes up, and where am I supposed to press there? Sorry for the silly questions.. |
03.02.2015, 09:36 | #30 |
/// the machine /// TB-Ausbilder | I can no longer open any programs Are you sure you put the ISO onto the DVD correctly?