
Pests of all kinds and how to fight them: "fraudtool.yac" is controlling my PC

12.03.2016, 21:42   #1
Stan87

Hello everyone,

I'm really glad to have found this site and hope that someone can help me.

Unfortunately I have to say up front that I'm not exactly a specialist when it comes to computer software.

I recently finished my master's degree, so I know the basics on the PC and can generally help myself quite well, but I won't be able to simply carry out instructions such as "Please create a logfile", because I simply don't know what I have to do.

Or put differently: I can use the PC but don't know how it works, hence the request for patience.

_____________

Now to my problem:

I have noticed that:

1. My start page in Chrome is never the google.de I entered, but always, again and again, the following:

hxxp://www.delta-homes.com/?type=hp&ts=1429887833&from=ient04240&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111


2. Every ten clicks while surfing the internet, a page opens in a new tab telling me, for example, that I've won something, or that my PC is infected, or whatever else. These are also those stupid pages that start talking uninvited. My pulse jumps every time the woman suddenly tells me again "Congratulations, you have..."

Every time I then close the tab, this small window opens asking me whether I'm sure, and then I have to click "Leave this page" (this just as additional information, since that may only occur with particular viruses).


3. I have now tried to fix the problem using a browser cleaner and also with Anti-Malware. The latter found around 1700 infected files, which apparently cannot be deleted?! The cleanup is shown as successful, but the problem remains.


4. In the malware software's history I see this "fraudtool.YAC" 98 % of the time. I've read up on it on the internet and by now know how risky it is and, on top of that, hard to remove. Mostly Spyhunter is offered as the solution, but since it costs 35 euros and is rated as dubious by Chip, I'm hoping for another solution here.


I hope this initial information helps in helping me, and otherwise I'm grateful for any tip.

Kind regards, Stan

(Windows 7 Ultimate
Pentium Dual Core CPU E5700 @3.00GHZ
RAM 2,00 GB)

Edited by Stan87 (12.03.2016 at 21:52)

13.03.2016, 06:12   #2
burningice
/// Malwareteam

My name is Rafael and I will help you with the cleanup.

So that I can help you as well as possible, please follow these rules:
  • Please read my posts through completely before you work through them
  • If a problem comes up or something is unclear to you, stop your work and describe it as precisely as possible.
  • Please no crossposting
  • Do not install or uninstall any software unless asked to
  • Please use only the tools that are mentioned here in the thread and run them only as instructed
  • Please reply within 24h to allow for a sensible cleanup
  • Always post the logs in CODE tags (# button); if necessary, simply split the logs up
  • Important: Just because your problem is suddenly fixed after one step does not mean that your PC is clean. Keep going until I tell you that your PC is "clean"
  • If I don't answer you within 36h, please send me a private message!
Let's go

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________

__________________
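
Added example, not part of the thread and not code from FRST or the forum: a read-only triage pass over an FRST.txt of the kind requested above, run here on lines copied from the log posted in this thread. It collects lines FRST itself marks ATTENTION, entries marked (No File) or [X], and browser start/search settings whose host is outside an expected list; the expected list (google.de, google.com, taken from the start page named in the first post) and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the FRST.txt posted in this thread (not a complete log).
SAMPLE_LOG = r'''
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1429887833&from=ient04240&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111"
CHR DefaultSearchURL: Default -> hxxp://search.delta-homes.com/web/?type=ds&ts=1429887833&from=ient04240&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111&q={searchTerms}
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
'''

ATTENTION = "<======= ATTENTION"          # FRST's own marker, as seen in the log
MISSING_MARKS = ("(No File)", "[X]")      # assumption: both mean the target file is absent
BROWSER_KEYS = ("CHR HomePage:", "CHR StartupUrls:",
                "CHR DefaultSearchURL:", "FF Homepage:")
IE_START_PAGE = r"Internet Explorer\Main,Start Page ="
# Assumption: the hosts the user expects, based on the start page named in post #1.
EXPECTED_DOMAINS = ("google.de", "google.com")


def host_of(value):
    """Return the lower-cased host of a URL as FRST prints it (hxxp-defanged, maybe quoted)."""
    url = value.strip().strip('"')
    url = re.sub(r"^hxxp", "http", url, flags=re.I)   # hxxp:// -> http://, hxxps:// -> https://
    if "://" not in url:
        url = "http://" + url                          # bare host such as www.google.com
    return (urlsplit(url).hostname or "").lower()


def browser_setting(line):
    """Return (setting name, host) for a start-page or search-URL line, else None."""
    if line.startswith(BROWSER_KEYS):
        key, _, value = line.partition(":")
        if "->" in value:                              # 'Default -> <url>' on Chrome lines
            value = value.partition("->")[2]
    elif IE_START_PAGE in line:
        key, value = "IE Start Page", line.split("=", 1)[1]
    else:
        return None
    host = host_of(value)
    return (key, host) if host else None


def is_expected(host, expected=EXPECTED_DOMAINS):
    """True if host is one of the expected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in expected)


def triage(log_text, expected=EXPECTED_DOMAINS):
    """Sort log lines into review buckets; nothing is changed on the system."""
    report = {"attention": [], "missing_target": [], "unexpected_browser_setting": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(ATTENTION):
            report["attention"].append(line[:-len(ATTENTION)].rstrip())
        if line.endswith(MISSING_MARKS):
            report["missing_target"].append(line)
        setting = browser_setting(line)
        if setting and not is_expected(setting[1], expected):
            report["unexpected_browser_setting"].append(setting)
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The output is a reading aid for the person reviewing the log; which entries get fixed remains the helper's decision.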

13.03.2016, 11:16   #3
Stan87

Morning Rafael,

thank you so much for your help

I appreciate this so much, my heart is really racing

Quick info up front:
When I wanted to install FRST, Avast blocked the program for me because it was classified as malware. But since I trust you blindly, I deactivated Avast and was then able to use FRST.

(By the way, I'm quite proud of having solved this problem on my own)

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by My (administrator) on MY-PC (13-03-2016 11:00:58)
Running from C:\Users\My\Downloads
Loaded Profiles: My (Available Profiles: My)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 3\creator-ws.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Spotify Ltd) C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CheckNDISPortF0acA7] => C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Dropbox Update] => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Spotify Web Helper] => C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-02] (Spotify Ltd)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Avast-Browser-Cleanup] => C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe [3840080 2016-03-12] (AVAST Software)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881d3-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881df-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785882e5-2538-11e4-b7f6-001e101f8aaa} - L:\Setup.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {b7f08f6c-2573-11e4-ac08-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {d13a326a-65dc-11e4-bb84-344b50b7ef20} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {faff2e3f-1aba-11e4-ab0f-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-03-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2016-03-12]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{281396E6-30BB-4E14-80CC-FDE4B22286FB}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{35787BD2-AE79-4DB1-A43B-5F88D2370FEF}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{84366F90-C50A-4ED3-AB68-CE1FB51E65DA}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8F5A98F3-365A-4D40-AFCC-9F548C91752F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E66BD2C1-2B2B-4982-A275-384AB3DDB42F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3687503007-941926512-4131969123-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
BHO: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-13] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default
FF DefaultSearchEngine: V9 
FF SelectedSearchEngine: V9 
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1442918440&z=cbe61584a8c7bf1cc32d5f8g5z6z1odtfg8bfz9c6t&from=ient07031&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-14]
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-22] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1429887833&from=ient04240&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111"
CHR DefaultSearchURL: Default -> hxxp://search.delta-homes.com/web/?type=ds&ts=1429887833&from=ient04240&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111&q={searchTerms}
CHR DefaultSearchKeyword: Default -> delta-homes
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast SafePrice) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-13]
CHR Extension: (Google Tabellen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-14]
CHR Extension: (Adblock Super) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Google Mail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

Opera: 
=======
OPR Extension: (Browsers Apps -) - C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg [2016-03-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-03] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2012-10-25] (Realtek Semiconductor Corporation                           )
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2015-10-23] (Cisco Systems, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 11:00 - 2016-03-13 11:01 - 00018912 _____ C:\Users\My\Downloads\FRST.txt
2016-03-13 11:00 - 2016-03-13 11:00 - 00000000 ____D C:\FRST
2016-03-13 10:59 - 2016-03-13 11:00 - 01725440 _____ (Farbar) C:\Users\My\Downloads\FRST.exe
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\MSDOS.SYS
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\IO.SYS
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\AppData\Roaming\Sun
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\.oracle_jre_usage
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-13 00:05 - 2016-03-13 00:05 - 00000000 ____D C:\Users\My\AppData\LocalLow\Oracle
2016-03-12 20:33 - 2016-03-13 00:01 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 20:32 - 2016-03-12 22:24 - 00001054 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-12 20:31 - 2016-03-12 20:32 - 22908888 _____ (Malwarebytes ) C:\Users\My\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-12 19:24 - 2016-03-12 19:25 - 03840080 _____ (AVAST Software) C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe
2016-03-12 19:23 - 2016-03-12 19:27 - 00248615 _____ C:\Users\My\Downloads\Nicht bestätigt 550384.crdownload
2016-03-03 18:06 - 2016-03-03 18:06 - 00055112 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0112015_vom_02.11.2015_20160303060617.pdf
2016-03-03 18:04 - 2016-03-03 18:05 - 00056563 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0102015_vom_01.10.2015_20160303060429.pdf
2016-02-20 18:23 - 2016-02-20 18:23 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 10:53 - 2015-06-19 22:05 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job
2016-03-13 10:53 - 2015-03-06 23:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 00:20 - 2014-08-16 20:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-13 00:20 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\ProgramData\Cisco
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\Program Files\Cisco
2016-03-13 00:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-13 00:13 - 2014-08-23 13:58 - 00000000 ____D C:\ProgramData\BioWare
2016-03-13 00:13 - 2014-08-23 13:53 - 00000000 ____D C:\ProgramData\Media Center Programs
2016-03-13 00:07 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\Program Files\Java
2016-03-13 00:06 - 2014-08-02 19:10 - 00000000 ____D C:\Users\My
2016-03-13 00:05 - 2015-03-18 16:25 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-12 22:42 - 2015-03-06 23:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-12 22:28 - 2014-08-16 12:39 - 00000000 ____D C:\Program Files\Opera
2016-03-12 22:28 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-12 22:28 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-12 22:26 - 2015-03-15 16:44 - 00000000 ___RD C:\Users\My\Dropbox
2016-03-12 22:26 - 2015-03-13 10:44 - 00000000 ____D C:\Users\My\AppData\Roaming\Dropbox
2016-03-12 22:24 - 2015-10-01 20:01 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-10-01 20:01 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-09-24 23:49 - 00001793 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-03-12 22:24 - 2015-09-22 21:49 - 00000947 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2016-03-12 22:24 - 2015-09-22 21:18 - 00000983 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001099 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-05-01 12:24 - 00002069 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-12 22:24 - 2015-04-17 17:42 - 00001163 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
2016-03-12 22:24 - 2015-03-07 11:52 - 00001060 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2016-03-12 22:24 - 2015-03-07 11:36 - 00001035 _____ C:\Users\Public\Desktop\ManiaPlanet.lnk
2016-03-12 22:24 - 2015-03-06 23:55 - 00002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-12 22:24 - 2015-03-06 23:55 - 00002115 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-12 22:24 - 2014-08-30 15:36 - 00002083 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-03-12 22:24 - 2014-08-24 10:56 - 00001848 _____ C:\Users\Public\Desktop\o2 Surfstick.lnk
2016-03-12 22:24 - 2014-08-16 12:52 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001063 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-12 22:24 - 2014-08-02 19:11 - 00001389 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-03-12 22:24 - 2009-07-14 05:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-12 22:23 - 2015-09-24 23:49 - 00001787 _____ C:\Users\My\Desktop\Spotify.lnk
2016-03-12 22:23 - 2015-03-15 16:44 - 00001005 _____ C:\Users\My\Desktop\Dropbox.lnk
2016-03-12 22:23 - 2014-10-26 14:15 - 00000871 _____ C:\Users\My\Desktop\Sam2 - Shortcut.lnk
2016-03-12 22:23 - 2014-09-07 09:31 - 00001157 _____ C:\Users\My\Desktop\Warcraft III - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:58 - 00000521 _____ C:\Users\My\Desktop\gta-vc - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:16 - 00001023 _____ C:\Users\My\Desktop\F1 Challenge 99-02 - Shortcut.lnk
2016-03-12 22:23 - 2014-08-30 18:29 - 00001395 _____ C:\Users\My\Desktop\TennisElbow - Shortcut.lnk
2016-03-12 22:23 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-12 22:23 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-12 22:23 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-12 21:12 - 2015-06-12 00:47 - 00000000 ____D C:\Users\My\AppData\Roaming\Elex-tech
2016-03-12 21:12 - 2015-06-12 00:47 - 00000000 ____D C:\Program Files\Elex-tech
2016-03-12 21:12 - 2009-07-14 08:49 - 00000000 ____D C:\Windows\ShellNew
2016-03-12 20:53 - 2014-08-16 23:12 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-11 13:10 - 2015-06-19 22:05 - 00001160 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job
2016-02-27 16:40 - 2015-10-10 12:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-27 16:38 - 2015-10-10 12:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-15 17:10 - 2015-03-07 11:40 - 00000000 ____D C:\Users\My\Desktop\Flo

==================== Files in the root of some directories =======

2014-09-07 11:50 - 2015-03-06 23:32 - 0000511 _____ () C:\Users\My\AppData\Roaming\Taxi4.MCS
2015-11-27 12:22 - 2015-11-27 12:22 - 0000000 _____ () C:\Users\My\AppData\Local\{75FE9489-1B6F-413E-8291-39D3DE632EB4}

Some files in TEMP:
====================
C:\Users\My\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpranpvk.dll
C:\Users\My\AppData\Local\Temp\eauninstall.exe
C:\Users\My\AppData\Local\Temp\F1 Challenge 99-02_uninst.exe
C:\Users\My\AppData\Local\Temp\GURC029.exe
C:\Users\My\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\My\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\My\AppData\Local\Temp\SIntf16.dll
C:\Users\My\AppData\Local\Temp\SIntf32.dll
C:\Users\My\AppData\Local\Temp\SIntfNT.dll
C:\Users\My\AppData\Local\Temp\_TinDel.exe
C:\Users\My\AppData\Local\Temp\{F444AC50-EA77-4F7A-9DBF-507ABDE5D095}-DropboxClient_3.8.6.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-01 16:21

==================== End of FRST.txt ============================
         
ADDITION:

FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by My (2016-03-13 11:01:34)
Running from C:\Users\My\Downloads
Microsoft Windows 7 Ultimate  (X86) (2014-08-03 03:07:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3687503007-941926512-4131969123-500 - Administrator - Disabled)
Guest (S-1-5-21-3687503007-941926512-4131969123-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3687503007-941926512-4131969123-1002 - Limited - Enabled)
My (S-1-5-21-3687503007-941926512-4131969123-1000 - Administrator - Enabled) => C:\Users\My

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Dropbox (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 43.0.1 (x86 de) (HKLM\...\Mozilla Firefox 43.0.1 (x86 de)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
o2 Surfstick (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.92 (HKLM\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
PDF Architect 3 (HKLM\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Spotify (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {016013F4-C958-4529-9A2E-5D18D7AC2606} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {10AFAF4D-3212-4357-99BA-8FD8FDD7556B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4BD42C01-C262-49F9-A2F7-26CEEF66657F} - System32\Tasks\Opera scheduled Autoupdate 1408189153 => C:\Program Files\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {5C6C7A37-D55C-4C1B-BFA6-F9EAECB5E3D0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {5EA2A56B-2250-4F26-B31B-3AE938673FCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {66C07BAF-1D9B-455E-A0CF-73D915875D7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {67C14541-55FC-4976-AA65-38C882D36EC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {97842D8B-F33F-41AD-9CF2-703F66C4B346} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {ACB514EB-4A65-4E3A-B309-9E3ED39652CA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {ADECBC8B-2A6B-45E6-A26E-BF452EA6FE80} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {AE1C87EC-B1BF-42D3-A947-83046ED31CF5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-26] (Microsoft Corporation)
Task: {BED3DC6B-DD98-48BF-949F-8E2307A777B8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
Task: {EEA19365-A1D3-46DD-8C49-6A42ED6AF852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {F4EF8597-026C-4591-858F-B9818D49DB60} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-01 12:24 - 2015-05-01 12:24 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 12:24 - 2015-05-01 12:24 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-12 19:12 - 2016-03-12 19:12 - 02840576 _____ () C:\Program Files\AVAST Software\Avast\defs\16031203\algo.dll
2016-03-13 10:53 - 2016-03-13 10:53 - 02840576 _____ () C:\Program Files\AVAST Software\Avast\defs\16031300\algo.dll
2015-10-10 12:46 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-11-06 19:40 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00419072 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00446720 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
2015-05-01 12:24 - 2015-05-01 12:24 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-14 18:47 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-20 18:22 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-14 18:47 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-20 18:22 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-20 18:22 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-07-26 12:10 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-03-10 12:15 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\My\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\My\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95265C94-A551-4EED-A051-3AA751E4FC6A}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{169A63DD-8282-40CF-ADD6-A7BA16103F0C}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B853B46-8FFC-4B4E-932D-5C300DDB99D0}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{53ECD8DB-A47E-487A-8973-14FA94E0E146}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{791ACA9E-7C91-41AF-9B82-D85CE4EE8EAC}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{BADCA0F7-FB5C-4324-9E54-C4C54491B1F7}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{B986FC4B-EAC5-4AC0-93A3-19E4E77A8865}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{2CD85341-BBC0-4417-81A5-0C99AA42C77B}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{D71080FF-B5F2-4F59-B7A6-566B9CF0BEC3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{24B3E689-04E4-49EA-A300-25C05BE5B247}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{506E07C0-6A79-42CE-80AD-21D21CA3EDD4}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{C28B6765-16F9-48A8-8270-84DD1C3C9F01}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{1B5CFA3E-87DC-44C4-9E2D-D420A42920C0}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{CEB1CBE1-A549-4713-B4B3-B41AAD470404}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{52634C8B-0C84-4FBF-83FA-F71CE5B663C9}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{0527EABF-FDC1-4413-974C-89A6825C0E40}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{988A620A-753C-459D-A67E-957A58A03B1C}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{49E370D3-8AA2-47BB-8F85-452386F11C46}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE426607-B017-4D1B-A6C1-4DB214999578}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{848194D7-2B56-4BB2-B035-A336540DBD1F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{798407F8-A5A0-4EDC-95BB-F7EB50CED5FF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E60DEE62-DFA3-49B1-B912-4A9F750DA919}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF841A8D-CECE-4632-AD61-F11DA1CE637D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A79A71AB-4750-4AEE-86BA-6876EF8FD1B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C659862F-5AAC-49F9-A93F-3D44CFA59FD5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{31762183-F61B-458B-AD1F-E513F5CCE483}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8FC47F3-A6A7-452D-AABA-73875AB2408B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FD7F7DE-3884-439B-9145-7160FDEC1BE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09ABDFB5-EAF6-4B6B-A435-2E12122634DB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{ACA41EBA-0B47-4F82-9E7E-D41999EE174C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C20810FC-FF68-4F66-9C4C-BC136D00C772}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-03-2016 00:13:54 Removed Assassin's Creed
13-03-2016 00:14:55 Removed Cisco AnyConnect Secure Mobility Client
13-03-2016 00:17:37 Removed Grand Theft Auto Vice City
13-03-2016 00:18:51 Entfernt Sacred 2 - Fallen Angel
13-03-2016 00:19:57 Removed Serious Sam: The First Encounter
13-03-2016 00:20:23 Removed Stronghold Crusader Extreme

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 12:13:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2984a6a2-12e2-4d93-99f2-63284fc7523e}

Error: (03/12/2016 07:22:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/12/2016 07:22:09 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/12/2016 07:22:08 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/11/2016 05:25:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/11/2016 05:25:21 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/11/2016 05:25:20 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/10/2016 05:25:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/10/2016 05:25:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {1CBF6558-C047-4796-82E5-D7AC1F678C06}

Error: (03/10/2016 05:25:14 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {1CBF6558-C047-4796-82E5-D7AC1F678C06}


System errors:
=============
Error: (03/12/2016 10:23:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/12/2016 09:13:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/12/2016 09:13:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:11:33 PM on 3/12/2016 was unexpected.

Error: (03/12/2016 08:26:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/12/2016 08:25:54 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (03/12/2016 07:51:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/12/2016 07:26:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IhPul service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/12/2016 07:26:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ask Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/12/2016 07:11:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/09/2016 02:51:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 48%
Total physical RAM: 1993.25 MB
Available physical RAM: 1028.66 MB
Total Virtual: 3986.49 MB
Available Virtual: 2177.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.92 GB) (Free:17.81 GB) NTFS
Drive d: () (Fixed) (Total:247.07 GB) (Free:220.83 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2DD3047)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=247.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         


Additional info:

Don't be surprised that everything on my machine is in English. I hope this isn't a problem. I bought the computer used from a private individual, and my whole system is set to English.

I've already tried to change that, but apparently I don't have the "add-on pack" (or whatever Windows calls it) for the German language, and I can't simply add it, or I'm too stupid to do it.

13.03.2016, 15:29   #4
burningice
/// Malwareteam

Haha, excellent

Step: 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step: 2
Please start Malwarebytes Anti-Malware again
  • Click Settings / Detection and Protection and tick the "Scan for rootkits" box
  • Then click Dashboard and, under Database Version, click "Update Now"
  • Switch to the Scan tab, select Threat Scan and then click Start Scan
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step: 3
Please start FRST again, check the Addition box and press Scan. Please post the two text files that are created again.

So, in your next reply, please post:
  • Log file from AdwCleaner
  • Log file from Malwarebytes
  • Frst.txt
  • Addition.txt
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


13.03.2016, 16:09   #5
Stan87



And off we go on the wild ride. I'll do it step by step, then nothing can go wrong.

Code:
# AdwCleaner v5.101 - Bericht erstellt am 13/03/2016 um 15:39:15
# Aktualisiert am 07/03/2016 von Xplode
# Datenbank : 2016-03-08.1 [Server]
# Betriebssystem : Windows 7 Ultimate  (x86)
# Benutzername : My - MY-PC
# Gestartet von : C:\Users\My\Downloads\AdwCleaner_5.101.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files\Elex-tech
[-] Ordner Gelöscht : C:\Program Files\globalUpdate
[-] Ordner Gelöscht : C:\Program Files\predm
[-] Ordner Gelöscht : C:\Program Files\Trymedia
[-] Ordner Gelöscht : C:\ProgramData\apn
[-] Ordner Gelöscht : C:\Users\My\AppData\Local\globalUpdate
[-] Ordner Gelöscht : C:\Users\My\AppData\Local\Temp\apn
[-] Ordner Gelöscht : C:\Users\My\AppData\Roaming\337Games
[-] Ordner Gelöscht : C:\Users\My\AppData\Roaming\eCyber
[-] Ordner Gelöscht : C:\Users\My\AppData\Roaming\Elex-tech
[-] Ordner Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage
[-] Datei Gelöscht : C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_ffhfoagmjcnkolneahbpagjcjjaeofbg_0.localstorage
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_ffhfoagmjcnkolneahbpagjcjjaeofbg_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_ffhfoagmjcnkolneahbpagjcjjaeofbg_0
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\ffhfoagmjcnkolneahbpagjcjjaeofbg
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_ciuvo.com_0.localstorage
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_ciuvo.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_api.ciuvo.com_0.localstorage
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] Datei Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****

[-] Geplante Aufgabe Gelöscht : LaunchSignup

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Schlüssel Gelöscht : HKCU\Software\genesis
[-] Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
[#] Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\Softonic
[-] Schlüssel Gelöscht : HKCU\Software\V9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Elex-tech
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\TSv
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
[-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\Elex-tech
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89EA4F1B8FBCDEF47AE328E455E28AA0
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97ECFF59EE08D4F47BB1464DEC37DA87
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8CB937199A57E748B6AC433DA453EE2
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4E78E12704AFCE408C7FBE501F1AA0A
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6A54B56C58C82a4688AFB93F42EA17B
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F0390A76D28822743A68D7F1AB22E6D0
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A5AC497E6BBC8D45BE8AD6619DA8217
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Internetbrowser ] *****

[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.alias", "");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://v9.com/favicon.ico?t=1");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.name", "V9 ");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.ptid", "ient07031");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.ref", "");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.ts", "1450296954");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.type", "");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.uid", "wdcxwd3200aajs-60z0a0_wd-wcav2z82011120111");
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://v9.com/web?type=ds&ts=1450296954&from=zzgbkk123&uid=wdcxwd3200aajs-60z0a0_wd-wcav2z82011120111&z=d259d34209ff3512b29d692g3z4w3e8o7t7q2t5wdz&q={sear[...]
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : feed.helperbar.com
[-] [C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : delta-homes
[-] [C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Gelöscht : hxxp://www.delta-homes.com/?type=hp&ts=1429887833&from=ient04240&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111
[-] [C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Gelöscht : hxxp://search.delta-homes.com/webfavicon.ico
[-] [C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Gelöscht : hxxp://search.delta-homes.com/web/?type=ds&ts=1429887833&from=ient04240&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111&q={searchTerms}
[-] [C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : aaaaaiabcopkplhgaedhbloeejhhankf

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [13353 Bytes] - [13/03/2016 15:39:15]
C:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [904 Bytes] - [13/03/2016 15:33:59]
C:\Program Files\AdwCleaner\AdwCleaner[S2].txt - [12887 Bytes] - [13/03/2016 15:38:09]

########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [13615 Bytes] ##########
         
Malwarebytes Anti-Malware did not detect any objects.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 13.03.2016
Suchlaufzeit: 15:45
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.03.13.03
Rootkit-Datenbank: v2016.03.12.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: My

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 308139
Abgelaufene Zeit: 14 Min., 15 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by My (administrator) on MY-PC (13-03-2016 16:06:05)
Running from C:\Users\My\Downloads
Loaded Profiles: My (Available Profiles: My)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 3\creator-ws.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Spotify Ltd) C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CheckNDISPortF0acA7] => C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Dropbox Update] => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Spotify Web Helper] => C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-02] (Spotify Ltd)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Avast-Browser-Cleanup] => C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe [3840080 2016-03-12] (AVAST Software)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881d3-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881df-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785882e5-2538-11e4-b7f6-001e101f8aaa} - L:\Setup.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {b7f08f6c-2573-11e4-ac08-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {d13a326a-65dc-11e4-bb84-344b50b7ef20} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {faff2e3f-1aba-11e4-ab0f-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-03-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2016-03-12]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{281396E6-30BB-4E14-80CC-FDE4B22286FB}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{35787BD2-AE79-4DB1-A43B-5F88D2370FEF}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{84366F90-C50A-4ED3-AB68-CE1FB51E65DA}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8F5A98F3-365A-4D40-AFCC-9F548C91752F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E66BD2C1-2B2B-4982-A275-384AB3DDB42F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3687503007-941926512-4131969123-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
BHO: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-13] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default
FF DefaultSearchEngine: V9 
FF SelectedSearchEngine: V9 
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1442918440&z=cbe61584a8c7bf1cc32d5f8g5z6z1odtfg8bfz9c6t&from=ient07031&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-14]
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-22] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast SafePrice) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-13]
CHR Extension: (Google Tabellen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-14]
CHR Extension: (Adblock Super) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Google Mail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-03] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2012-10-25] (Realtek Semiconductor Corporation                           )
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2015-10-23] (Cisco Systems, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 16:05 - 2016-03-13 16:05 - 01725440 _____ (Farbar) C:\Users\My\Downloads\FRST.exe
2016-03-13 16:01 - 2016-03-13 16:01 - 00001190 _____ C:\Users\My\Desktop\mbam.txt
2016-03-13 15:32 - 2016-03-13 15:39 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-13 15:32 - 2016-03-13 15:32 - 01524224 _____ C:\Users\My\Downloads\AdwCleaner_5.101.exe
2016-03-13 11:01 - 2016-03-13 11:02 - 00035631 _____ C:\Users\My\Downloads\Addition.txt
2016-03-13 11:00 - 2016-03-13 16:06 - 00018221 _____ C:\Users\My\Downloads\FRST.txt
2016-03-13 11:00 - 2016-03-13 16:06 - 00000000 ____D C:\FRST
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\MSDOS.SYS
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\IO.SYS
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\AppData\Roaming\Sun
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\.oracle_jre_usage
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-13 00:05 - 2016-03-13 00:05 - 00000000 ____D C:\Users\My\AppData\LocalLow\Oracle
2016-03-12 20:33 - 2016-03-13 15:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 20:32 - 2016-03-12 22:24 - 00001054 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-12 20:31 - 2016-03-12 20:32 - 22908888 _____ (Malwarebytes ) C:\Users\My\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-12 19:24 - 2016-03-12 19:25 - 03840080 _____ (AVAST Software) C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe
2016-03-12 19:23 - 2016-03-12 19:27 - 00248615 _____ C:\Users\My\Downloads\Nicht bestätigt 550384.crdownload
2016-03-03 18:06 - 2016-03-03 18:06 - 00055112 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0112015_vom_02.11.2015_20160303060617.pdf
2016-03-03 18:04 - 2016-03-03 18:05 - 00056563 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0102015_vom_01.10.2015_20160303060429.pdf
2016-02-20 18:23 - 2016-02-20 18:23 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 15:47 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 15:47 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 15:43 - 2015-03-15 16:44 - 00000000 ___RD C:\Users\My\Dropbox
2016-03-13 15:43 - 2015-03-13 10:44 - 00000000 ____D C:\Users\My\AppData\Roaming\Dropbox
2016-03-13 15:42 - 2015-03-06 23:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 15:42 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 15:39 - 2014-08-30 15:30 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-13 15:10 - 2015-06-19 22:05 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job
2016-03-13 14:42 - 2015-03-06 23:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 13:10 - 2015-06-19 22:05 - 00001160 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job
2016-03-13 00:20 - 2014-08-16 20:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-13 00:20 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\ProgramData\Cisco
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\Program Files\Cisco
2016-03-13 00:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-13 00:13 - 2014-08-23 13:58 - 00000000 ____D C:\ProgramData\BioWare
2016-03-13 00:13 - 2014-08-23 13:53 - 00000000 ____D C:\ProgramData\Media Center Programs
2016-03-13 00:07 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\Program Files\Java
2016-03-13 00:06 - 2014-08-02 19:10 - 00000000 ____D C:\Users\My
2016-03-13 00:05 - 2015-03-18 16:25 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-12 22:28 - 2014-08-16 12:39 - 00000000 ____D C:\Program Files\Opera
2016-03-12 22:24 - 2015-10-01 20:01 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-10-01 20:01 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-09-24 23:49 - 00001793 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-03-12 22:24 - 2015-09-22 21:49 - 00000947 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2016-03-12 22:24 - 2015-09-22 21:18 - 00000983 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001099 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-05-01 12:24 - 00002069 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-12 22:24 - 2015-04-17 17:42 - 00001163 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
2016-03-12 22:24 - 2015-03-07 11:52 - 00001060 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2016-03-12 22:24 - 2015-03-07 11:36 - 00001035 _____ C:\Users\Public\Desktop\ManiaPlanet.lnk
2016-03-12 22:24 - 2015-03-06 23:55 - 00002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-12 22:24 - 2015-03-06 23:55 - 00002115 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-12 22:24 - 2014-08-30 15:36 - 00002083 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-03-12 22:24 - 2014-08-24 10:56 - 00001848 _____ C:\Users\Public\Desktop\o2 Surfstick.lnk
2016-03-12 22:24 - 2014-08-16 12:52 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001063 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-12 22:24 - 2014-08-02 19:11 - 00001389 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-03-12 22:24 - 2009-07-14 05:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-12 22:23 - 2015-09-24 23:49 - 00001787 _____ C:\Users\My\Desktop\Spotify.lnk
2016-03-12 22:23 - 2015-03-15 16:44 - 00001005 _____ C:\Users\My\Desktop\Dropbox.lnk
2016-03-12 22:23 - 2014-10-26 14:15 - 00000871 _____ C:\Users\My\Desktop\Sam2 - Shortcut.lnk
2016-03-12 22:23 - 2014-09-07 09:31 - 00001157 _____ C:\Users\My\Desktop\Warcraft III - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:58 - 00000521 _____ C:\Users\My\Desktop\gta-vc - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:16 - 00001023 _____ C:\Users\My\Desktop\F1 Challenge 99-02 - Shortcut.lnk
2016-03-12 22:23 - 2014-08-30 18:29 - 00001395 _____ C:\Users\My\Desktop\TennisElbow - Shortcut.lnk
2016-03-12 22:23 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-12 22:23 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-12 21:12 - 2009-07-14 08:49 - 00000000 ____D C:\Windows\ShellNew
2016-03-12 20:53 - 2014-08-16 23:12 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-27 16:40 - 2015-10-10 12:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-27 16:38 - 2015-10-10 12:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-15 17:10 - 2015-03-07 11:40 - 00000000 ____D C:\Users\My\Desktop\Flo

==================== Files in the root of some directories =======

2014-09-07 11:50 - 2015-03-06 23:32 - 0000511 _____ () C:\Users\My\AppData\Roaming\Taxi4.MCS
2015-11-27 12:22 - 2015-11-27 12:22 - 0000000 _____ () C:\Users\My\AppData\Local\{75FE9489-1B6F-413E-8291-39D3DE632EB4}

Some files in TEMP:
====================
C:\Users\My\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpranpvk.dll
C:\Users\My\AppData\Local\Temp\eauninstall.exe
C:\Users\My\AppData\Local\Temp\F1 Challenge 99-02_uninst.exe
C:\Users\My\AppData\Local\Temp\GURC029.exe
C:\Users\My\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\My\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\My\AppData\Local\Temp\SIntf16.dll
C:\Users\My\AppData\Local\Temp\SIntf32.dll
C:\Users\My\AppData\Local\Temp\SIntfNT.dll
C:\Users\My\AppData\Local\Temp\sqlite3.dll
C:\Users\My\AppData\Local\Temp\{F444AC50-EA77-4F7A-9DBF-507ABDE5D095}-DropboxClient_3.8.6.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-01 16:21

==================== End of FRST.txt ============================
         
--- --- ---


Addition

[CODE]Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by My (2016-03-13 16:06:30)
Running from C:\Users\My\Downloads
Microsoft Windows 7 Ultimate  (X86) (2014-08-03 03:07:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3687503007-941926512-4131969123-500 - Administrator - Disabled)
Guest (S-1-5-21-3687503007-941926512-4131969123-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3687503007-941926512-4131969123-1002 - Limited - Enabled)
My (S-1-5-21-3687503007-941926512-4131969123-1000 - Administrator - Enabled) => C:\Users\My

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Dropbox (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 43.0.1 (x86 de) (HKLM\...\Mozilla Firefox 43.0.1 (x86 de)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
o2 Surfstick (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.92 (HKLM\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
PDF Architect 3 (HKLM\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Spotify (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10AFAF4D-3212-4357-99BA-8FD8FDD7556B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4BD42C01-C262-49F9-A2F7-26CEEF66657F} - System32\Tasks\Opera scheduled Autoupdate 1408189153 => C:\Program Files\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {5C6C7A37-D55C-4C1B-BFA6-F9EAECB5E3D0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {5EA2A56B-2250-4F26-B31B-3AE938673FCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {66C07BAF-1D9B-455E-A0CF-73D915875D7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {67C14541-55FC-4976-AA65-38C882D36EC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {97842D8B-F33F-41AD-9CF2-703F66C4B346} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {ACB514EB-4A65-4E3A-B309-9E3ED39652CA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {ADECBC8B-2A6B-45E6-A26E-BF452EA6FE80} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {AE1C87EC-B1BF-42D3-A947-83046ED31CF5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-26] (Microsoft Corporation)
Task: {BED3DC6B-DD98-48BF-949F-8E2307A777B8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
Task: {EEA19365-A1D3-46DD-8C49-6A42ED6AF852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {F4EF8597-026C-4591-858F-B9818D49DB60} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-01 12:24 - 2015-05-01 12:24 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 12:24 - 2015-05-01 12:24 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-13 10:53 - 2016-03-13 10:53 - 02840576 _____ () C:\Program Files\AVAST Software\Avast\defs\16031300\algo.dll
2015-10-10 12:46 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-11-06 19:40 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00419072 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00446720 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
2015-05-01 12:24 - 2015-05-01 12:24 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-14 18:47 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-20 18:22 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-14 18:47 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-20 18:22 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-20 18:22 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-07-26 12:10 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\My\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95265C94-A551-4EED-A051-3AA751E4FC6A}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{169A63DD-8282-40CF-ADD6-A7BA16103F0C}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B853B46-8FFC-4B4E-932D-5C300DDB99D0}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{53ECD8DB-A47E-487A-8973-14FA94E0E146}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{791ACA9E-7C91-41AF-9B82-D85CE4EE8EAC}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{BADCA0F7-FB5C-4324-9E54-C4C54491B1F7}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{B986FC4B-EAC5-4AC0-93A3-19E4E77A8865}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{2CD85341-BBC0-4417-81A5-0C99AA42C77B}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{D71080FF-B5F2-4F59-B7A6-566B9CF0BEC3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{24B3E689-04E4-49EA-A300-25C05BE5B247}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{506E07C0-6A79-42CE-80AD-21D21CA3EDD4}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{C28B6765-16F9-48A8-8270-84DD1C3C9F01}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{1B5CFA3E-87DC-44C4-9E2D-D420A42920C0}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{CEB1CBE1-A549-4713-B4B3-B41AAD470404}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{52634C8B-0C84-4FBF-83FA-F71CE5B663C9}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{0527EABF-FDC1-4413-974C-89A6825C0E40}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{988A620A-753C-459D-A67E-957A58A03B1C}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{49E370D3-8AA2-47BB-8F85-452386F11C46}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE426607-B017-4D1B-A6C1-4DB214999578}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{848194D7-2B56-4BB2-B035-A336540DBD1F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{798407F8-A5A0-4EDC-95BB-F7EB50CED5FF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E60DEE62-DFA3-49B1-B912-4A9F750DA919}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF841A8D-CECE-4632-AD61-F11DA1CE637D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A79A71AB-4750-4AEE-86BA-6876EF8FD1B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C659862F-5AAC-49F9-A93F-3D44CFA59FD5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{31762183-F61B-458B-AD1F-E513F5CCE483}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8FC47F3-A6A7-452D-AABA-73875AB2408B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FD7F7DE-3884-439B-9145-7160FDEC1BE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09ABDFB5-EAF6-4B6B-A435-2E12122634DB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{ACA41EBA-0B47-4F82-9E7E-D41999EE174C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C20810FC-FF68-4F66-9C4C-BC136D00C772}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-03-2016 00:13:54 Removed Assassin's Creed
13-03-2016 00:14:55 Removed Cisco AnyConnect Secure Mobility Client
13-03-2016 00:17:37 Removed Grand Theft Auto Vice City
13-03-2016 00:18:51 Entfernt Sacred 2 - Fallen Angel
13-03-2016 00:19:57 Removed Serious Sam: The First Encounter
13-03-2016 00:20:23 Removed Stronghold Crusader Extreme

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 03:34:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ADWCLE~1.EXE version 5.1.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 143c

Start Time: 01d17d35436d1e4a

Termination Time: 16

Application Path: C:\Users\My\DOWNLO~1\ADWCLE~1.EXE

Report Id:

Error: (03/13/2016 12:13:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2984a6a2-12e2-4d93-99f2-63284fc7523e}

Error: (03/12/2016 07:22:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/12/2016 07:22:09 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/12/2016 07:22:08 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/11/2016 05:25:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/11/2016 05:25:21 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/11/2016 05:25:20 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/10/2016 05:25:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/10/2016 05:25:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {1CBF6558-C047-4796-82E5-D7AC1F678C06}


System errors:
=============
Error: (03/13/2016 03:42:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/13/2016 03:39:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056

Error: (03/13/2016 03:39:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/13/2016 03:39:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/13/2016 03:39:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 3 Creator service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/13/2016 03:39:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/13/2016 03:39:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office-Klick-und-Los-Dienst service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/13/2016 03:39:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/13/2016 03:39:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/12/2016 10:23:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 1993.25 MB
Available physical RAM: 861.97 MB
Total Virtual: 3986.49 MB
Available Virtual: 2699.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.92 GB) (Free:17.76 GB) NTFS
Drive d: () (Fixed) (Total:247.07 GB) (Free:220.84 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2DD3047)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=247.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

That should be everything that's needed, I hope

Ready for further instructions, Sergeant


14.03.2016, 09:51   #6
burningice
/// Malwareteam

Haha, very well done


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click "Start".
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click "Start".
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click "Finish".
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Note: This scan can take several hours...

Are you still having any problems with your computer?

14.03.2016, 19:37   #7
Stan87

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c55c6bbc03deaa4380aa665570574199
# end=init
# utc_time=2016-03-14 11:51:51
# local_time=2016-03-14 12:51:51 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7600 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28566
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c55c6bbc03deaa4380aa665570574199
# end=updated
# utc_time=2016-03-14 11:58:31
# local_time=2016-03-14 12:58:31 (+0100, W. Europe Standard Time)
# country="Germany"
# osver=6.1.7600 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c55c6bbc03deaa4380aa665570574199
# engine=28566
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-03-14 12:35:29
# local_time=2016-03-14 01:35:29 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=794 16777213 100 100 8690847 27726391 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1028638 210411520 0 0
# scanned=111451
# found=24
# cleaned=0
# scan_time=2218
sh=C7DC3FCFDEE0449801FE7739576FFFFFAC64FD68 ft=1 fh=e5efa23bff610f94 vn="Variante von Win32/ELEX.BP evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JL2O19F\iplug[1].dat"
sh=62BFF91A7E351CB1A21EF92320815874B2D2DFA8 ft=1 fh=fc2555afc5bde153 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\DMR\dmr_72.exe"
sh=849821C97DBDA4BBE1A2A4D9CD68E28E31802E32 ft=1 fh=374d317cc3e67f51 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\HYDF3D1.tmp.1442851000_permissionsCopy\updates\3.4.2_32691.exe"
sh=11756961E847C4BA8668CC7C3394D566337B650E ft=1 fh=75fde80ddbe6b77e vn="Variante von Win32/ELEX.FM evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\st3E8.tmp\dup.exe"
sh=A4A83AF76D69F15932FB1521BCB9F8465C74308B ft=1 fh=77d1d8d17265f86f vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\st3E8.tmp\TrayDownloader.exe"
sh=B7292160E769A9387EE73EAB4996ADFCEA1A95DE ft=1 fh=9b9b00314087cc5e vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\st3E8.tmp\zlib1.dll"
sh=DA5F3A54209CC1920E36194E52F7ABDB891E9D27 ft=1 fh=2b2367c86273402a vn="Win32/ELEX.FL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\st4CF7.tmp\Picexa.exe"
sh=D0AF4E7D34E4787608FF0E62BD28C6EF458D4F03 ft=1 fh=34bc64fee49aa9e3 vn="Variante von Win32/ELEX.CK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\st4CF7.tmp\PicexaSvc.exe"
sh=B7292160E769A9387EE73EAB4996ADFCEA1A95DE ft=1 fh=9b9b00314087cc5e vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\st4CF7.tmp\zlib1.dll"
sh=D3041371E33512B8CF93047DE2ADD40DED2B75FE ft=1 fh=a70ae913aca80ab1 vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\curlpp.dll"
sh=11756961E847C4BA8668CC7C3394D566337B650E ft=1 fh=75fde80ddbe6b77e vn="Variante von Win32/ELEX.FM evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\dup.exe"
sh=678E13D88B216015B2E1946DF268DAF7C348AC37 ft=1 fh=1224bbbb6f6901bc vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\libcurl.dll"
sh=21F21B5411364A2D991D81D1E3D44AFD39653FA3 ft=1 fh=9b8c7ffc2860a85c vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\libeay32.dll"
sh=5027A515466D80DDC7AF6573FFA7C5D6C48B1267 ft=1 fh=badc2823bf488730 vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\libpng.dll"
sh=60021C76E0B0C803834261977658E9BAF68B0F46 ft=1 fh=f45d84bc56d81777 vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\ouilibx.dll"
sh=D8AC4191BB5135F49F4CDAE916FBE68A4AB48936 ft=1 fh=1998567dd7d82e0f vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\Picexa.exe"
sh=CF51F5768B22A47B881DF796CCA5E54253866F39 ft=1 fh=7ffa5d01c74ff4e3 vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\sqlite3.dll"
sh=BE1925DC4BB9B7051729D0C408FDF3B28CED1686 ft=1 fh=0d6257ac313a1e51 vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\ssleay32.dll"
sh=A4A83AF76D69F15932FB1521BCB9F8465C74308B ft=1 fh=77d1d8d17265f86f vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\TrayDownloader.exe"
sh=1212B403B767F4041A06AC6911FE408EF4742E97 ft=1 fh=fece3270e543e5aa vn="Variante von Win32/ELEX.GY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\AppData\Local\Temp\stF8A2.tmp\zlib1.dll"
sh=849821C97DBDA4BBE1A2A4D9CD68E28E31802E32 ft=1 fh=374d317cc3e67f51 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\Desktop\uTorrent_3_4_2_32691.exe"
sh=2FC4E5FBFDAD3F2E68253645EC3B0F2FA31FFD80 ft=1 fh=58d8cdf04867bd19 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\Downloads\Nicht bestätigt 533344.crdownload"
sh=2FC4E5FBFDAD3F2E68253645EC3B0F2FA31FFD80 ft=1 fh=58d8cdf04867bd19 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\Downloads\PDFCreator-2_1_2-setup.exe"
sh=F1E37798A315618D9BD360763C183D72CE6EF651 ft=1 fh=85c33003bb6ecefd vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\My\Downloads\TeamViewer - CHIP-Installer.exe"
         
At the moment no more popups are opening in new tabs, and for the first time that weird Deltahomes start page is gone.

If nothing else in the logs catches your eye now, I'd almost say you did an awesome job.

It would also be interesting for me to know what exactly I should install on my PC as protection, so that I don't have the same problem again in a few weeks.

Avast apparently isn't all that great, going by what I've already read in some threads here.

It would be great if I could get a tip on that.

But first let's finish the cleanup.

15.03.2016, 20:36   #8
Stan87

OK, we're back at square one.

Everything was fine. No popups, no unnecessary ads, etc.

Then I enabled Adblock Super in Chrome because I saw that it was disabled, and since then (or maybe it's just coincidence) new tabs with ads have been opening regularly every few clicks again, and occasionally ads appear in overlaid popups.

Even while I'm browsing trojaner-board, for example.

Somewhere this thing is still sitting there, getting on my last nerve... and probably on yours too at some point.

How do we destroy this thing?

Since I've already read a few threads here, I strongly assume that you need a current FRST log for the analysis.

I hope this saves you a bit of work.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by My (administrator) on MY-PC (15-03-2016 20:32:30)
Running from C:\Users\My\Downloads
Loaded Profiles: My (Available Profiles: My)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 3\creator-ws.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Spotify Ltd) C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CheckNDISPortF0acA7] => C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Dropbox Update] => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Spotify Web Helper] => C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-02] (Spotify Ltd)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Avast-Browser-Cleanup] => C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe [3840080 2016-03-12] (AVAST Software)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881d3-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881df-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785882e5-2538-11e4-b7f6-001e101f8aaa} - L:\Setup.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {b7f08f6c-2573-11e4-ac08-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {d13a326a-65dc-11e4-bb84-344b50b7ef20} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {faff2e3f-1aba-11e4-ab0f-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-03-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2016-03-12]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{281396E6-30BB-4E14-80CC-FDE4B22286FB}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{35787BD2-AE79-4DB1-A43B-5F88D2370FEF}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{84366F90-C50A-4ED3-AB68-CE1FB51E65DA}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8F5A98F3-365A-4D40-AFCC-9F548C91752F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E66BD2C1-2B2B-4982-A275-384AB3DDB42F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3687503007-941926512-4131969123-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
BHO: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-13] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default
FF DefaultSearchEngine: V9 
FF SelectedSearchEngine: V9 
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1442918440&z=cbe61584a8c7bf1cc32d5f8g5z6z1odtfg8bfz9c6t&from=ient07031&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-14]
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-22] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast SafePrice) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-13]
CHR Extension: (Google Tabellen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Avast Online Security) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-14]
CHR Extension: (Adblock Super) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Google Mail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-03] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
R3 eapihdrv; C:\Users\My\AppData\Local\Temp\ehdrv.sys [135760 2016-03-14] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2012-10-25] (Realtek Semiconductor Corporation                           )
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2015-10-23] (Cisco Systems, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 12:51 - 2016-03-14 12:51 - 00000000 ____D C:\Program Files\ESET
2016-03-14 12:46 - 2016-03-14 12:46 - 02870984 _____ (ESET) C:\Users\My\Downloads\esetsmartinstaller_deu.exe
2016-03-13 16:05 - 2016-03-13 16:05 - 01725440 _____ (Farbar) C:\Users\My\Downloads\FRST.exe
2016-03-13 16:01 - 2016-03-13 16:01 - 00001190 _____ C:\Users\My\Desktop\mbam.txt
2016-03-13 15:32 - 2016-03-13 15:39 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-13 15:32 - 2016-03-13 15:32 - 01524224 _____ C:\Users\My\Downloads\AdwCleaner_5.101.exe
2016-03-13 11:01 - 2016-03-13 16:06 - 00035739 _____ C:\Users\My\Downloads\Addition.txt
2016-03-13 11:00 - 2016-03-15 20:32 - 00018844 _____ C:\Users\My\Downloads\FRST.txt
2016-03-13 11:00 - 2016-03-15 20:32 - 00000000 ____D C:\FRST
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\MSDOS.SYS
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\IO.SYS
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\AppData\Roaming\Sun
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\.oracle_jre_usage
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-13 00:05 - 2016-03-13 00:05 - 00000000 ____D C:\Users\My\AppData\LocalLow\Oracle
2016-03-12 20:33 - 2016-03-13 15:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 20:32 - 2016-03-12 22:24 - 00001054 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-12 20:31 - 2016-03-12 20:32 - 22908888 _____ (Malwarebytes ) C:\Users\My\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-12 19:24 - 2016-03-12 19:25 - 03840080 _____ (AVAST Software) C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe
2016-03-12 19:23 - 2016-03-12 19:27 - 00248615 _____ C:\Users\My\Downloads\Nicht bestätigt 550384.crdownload
2016-03-03 18:06 - 2016-03-03 18:06 - 00055112 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0112015_vom_02.11.2015_20160303060617.pdf
2016-03-03 18:04 - 2016-03-03 18:05 - 00056563 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0102015_vom_01.10.2015_20160303060429.pdf
2016-02-20 18:23 - 2016-02-20 18:23 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-15 20:10 - 2015-06-19 22:05 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job
2016-03-15 19:42 - 2015-03-06 23:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 17:22 - 2015-06-19 22:05 - 00001160 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job
2016-03-14 22:45 - 2015-03-06 23:55 - 00002133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 22:45 - 2015-03-06 23:55 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-14 22:42 - 2015-03-06 23:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 15:47 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 15:47 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 15:43 - 2015-03-15 16:44 - 00000000 ___RD C:\Users\My\Dropbox
2016-03-13 15:43 - 2015-03-13 10:44 - 00000000 ____D C:\Users\My\AppData\Roaming\Dropbox
2016-03-13 15:42 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 15:39 - 2014-08-30 15:30 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-13 00:20 - 2014-08-16 20:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-13 00:20 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\ProgramData\Cisco
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\Program Files\Cisco
2016-03-13 00:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-13 00:13 - 2014-08-23 13:58 - 00000000 ____D C:\ProgramData\BioWare
2016-03-13 00:13 - 2014-08-23 13:53 - 00000000 ____D C:\ProgramData\Media Center Programs
2016-03-13 00:07 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\Program Files\Java
2016-03-13 00:06 - 2014-08-02 19:10 - 00000000 ____D C:\Users\My
2016-03-13 00:05 - 2015-03-18 16:25 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-12 22:28 - 2014-08-16 12:39 - 00000000 ____D C:\Program Files\Opera
2016-03-12 22:24 - 2015-10-01 20:01 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-10-01 20:01 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-09-24 23:49 - 00001793 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-03-12 22:24 - 2015-09-22 21:49 - 00000947 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2016-03-12 22:24 - 2015-09-22 21:18 - 00000983 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001099 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-05-01 12:24 - 00002069 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-12 22:24 - 2015-04-17 17:42 - 00001163 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
2016-03-12 22:24 - 2015-03-07 11:52 - 00001060 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2016-03-12 22:24 - 2015-03-07 11:36 - 00001035 _____ C:\Users\Public\Desktop\ManiaPlanet.lnk
2016-03-12 22:24 - 2014-08-30 15:36 - 00002083 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-03-12 22:24 - 2014-08-24 10:56 - 00001848 _____ C:\Users\Public\Desktop\o2 Surfstick.lnk
2016-03-12 22:24 - 2014-08-16 12:52 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001063 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-12 22:24 - 2014-08-02 19:11 - 00001389 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-03-12 22:24 - 2009-07-14 05:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-12 22:23 - 2015-09-24 23:49 - 00001787 _____ C:\Users\My\Desktop\Spotify.lnk
2016-03-12 22:23 - 2015-03-15 16:44 - 00001005 _____ C:\Users\My\Desktop\Dropbox.lnk
2016-03-12 22:23 - 2014-10-26 14:15 - 00000871 _____ C:\Users\My\Desktop\Sam2 - Shortcut.lnk
2016-03-12 22:23 - 2014-09-07 09:31 - 00001157 _____ C:\Users\My\Desktop\Warcraft III - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:58 - 00000521 _____ C:\Users\My\Desktop\gta-vc - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:16 - 00001023 _____ C:\Users\My\Desktop\F1 Challenge 99-02 - Shortcut.lnk
2016-03-12 22:23 - 2014-08-30 18:29 - 00001395 _____ C:\Users\My\Desktop\TennisElbow - Shortcut.lnk
2016-03-12 22:23 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-12 22:23 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-12 21:12 - 2009-07-14 08:49 - 00000000 ____D C:\Windows\ShellNew
2016-03-12 20:53 - 2014-08-16 23:12 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-27 16:40 - 2015-10-10 12:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-27 16:38 - 2015-10-10 12:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-15 17:10 - 2015-03-07 11:40 - 00000000 ____D C:\Users\My\Desktop\Flo

==================== Files in the root of some directories =======

2014-09-07 11:50 - 2015-03-06 23:32 - 0000511 _____ () C:\Users\My\AppData\Roaming\Taxi4.MCS
2015-11-27 12:22 - 2015-11-27 12:22 - 0000000 _____ () C:\Users\My\AppData\Local\{75FE9489-1B6F-413E-8291-39D3DE632EB4}

Some files in TEMP:
====================
C:\Users\My\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpranpvk.dll
C:\Users\My\AppData\Local\Temp\eauninstall.exe
C:\Users\My\AppData\Local\Temp\F1 Challenge 99-02_uninst.exe
C:\Users\My\AppData\Local\Temp\GURC029.exe
C:\Users\My\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\My\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\My\AppData\Local\Temp\SIntf16.dll
C:\Users\My\AppData\Local\Temp\SIntf32.dll
C:\Users\My\AppData\Local\Temp\SIntfNT.dll
C:\Users\My\AppData\Local\Temp\sqlite3.dll
C:\Users\My\AppData\Local\Temp\{F444AC50-EA77-4F7A-9DBF-507ABDE5D095}-DropboxClient_3.8.6.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-13 18:05

==================== End of FRST.txt ============================
         
--- --- ---



ADDITION:

[CODE]Additional
scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by My (2016-03-15 20:33:11)
Running from C:\Users\My\Downloads
Microsoft Windows 7 Ultimate  (X86) (2014-08-03 03:07:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3687503007-941926512-4131969123-500 - Administrator - Disabled)
Guest (S-1-5-21-3687503007-941926512-4131969123-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3687503007-941926512-4131969123-1002 - Limited - Enabled)
My (S-1-5-21-3687503007-941926512-4131969123-1000 - Administrator - Enabled) => C:\Users\My

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Dropbox (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 43.0.1 (x86 de) (HKLM\...\Mozilla Firefox 43.0.1 (x86 de)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
o2 Surfstick (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.92 (HKLM\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
PDF Architect 3 (HKLM\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Spotify (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10AFAF4D-3212-4357-99BA-8FD8FDD7556B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4BD42C01-C262-49F9-A2F7-26CEEF66657F} - System32\Tasks\Opera scheduled Autoupdate 1408189153 => C:\Program Files\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {5C6C7A37-D55C-4C1B-BFA6-F9EAECB5E3D0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {5EA2A56B-2250-4F26-B31B-3AE938673FCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {66C07BAF-1D9B-455E-A0CF-73D915875D7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {67C14541-55FC-4976-AA65-38C882D36EC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {97842D8B-F33F-41AD-9CF2-703F66C4B346} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {ACB514EB-4A65-4E3A-B309-9E3ED39652CA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {ADECBC8B-2A6B-45E6-A26E-BF452EA6FE80} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {AE1C87EC-B1BF-42D3-A947-83046ED31CF5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-26] (Microsoft Corporation)
Task: {BED3DC6B-DD98-48BF-949F-8E2307A777B8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
Task: {EEA19365-A1D3-46DD-8C49-6A42ED6AF852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {F4EF8597-026C-4591-858F-B9818D49DB60} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-01 12:24 - 2015-05-01 12:24 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 12:24 - 2015-05-01 12:24 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-13 10:53 - 2016-03-13 10:53 - 02840576 _____ () C:\Program Files\AVAST Software\Avast\defs\16031300\algo.dll
2016-03-15 17:17 - 2016-03-15 17:17 - 02840576 _____ () C:\Program Files\AVAST Software\Avast\defs\16031500\algo.dll
2015-10-10 12:46 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-11-06 19:40 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00419072 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00446720 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
2015-05-01 12:24 - 2015-05-01 12:24 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-14 18:47 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-20 18:22 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-14 18:47 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-20 18:22 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-20 18:22 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-07-26 12:10 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-07 00:32 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\My\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-07 00:32 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\My\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-03-10 12:15 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\My\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
2015-10-10 12:46 - 2016-02-26 12:12 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\My\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95265C94-A551-4EED-A051-3AA751E4FC6A}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{169A63DD-8282-40CF-ADD6-A7BA16103F0C}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B853B46-8FFC-4B4E-932D-5C300DDB99D0}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{53ECD8DB-A47E-487A-8973-14FA94E0E146}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{791ACA9E-7C91-41AF-9B82-D85CE4EE8EAC}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{BADCA0F7-FB5C-4324-9E54-C4C54491B1F7}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{B986FC4B-EAC5-4AC0-93A3-19E4E77A8865}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{2CD85341-BBC0-4417-81A5-0C99AA42C77B}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{D71080FF-B5F2-4F59-B7A6-566B9CF0BEC3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{24B3E689-04E4-49EA-A300-25C05BE5B247}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{506E07C0-6A79-42CE-80AD-21D21CA3EDD4}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{C28B6765-16F9-48A8-8270-84DD1C3C9F01}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{1B5CFA3E-87DC-44C4-9E2D-D420A42920C0}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{CEB1CBE1-A549-4713-B4B3-B41AAD470404}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{52634C8B-0C84-4FBF-83FA-F71CE5B663C9}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{0527EABF-FDC1-4413-974C-89A6825C0E40}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{988A620A-753C-459D-A67E-957A58A03B1C}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{49E370D3-8AA2-47BB-8F85-452386F11C46}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE426607-B017-4D1B-A6C1-4DB214999578}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{848194D7-2B56-4BB2-B035-A336540DBD1F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{798407F8-A5A0-4EDC-95BB-F7EB50CED5FF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E60DEE62-DFA3-49B1-B912-4A9F750DA919}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF841A8D-CECE-4632-AD61-F11DA1CE637D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A79A71AB-4750-4AEE-86BA-6876EF8FD1B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C659862F-5AAC-49F9-A93F-3D44CFA59FD5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{31762183-F61B-458B-AD1F-E513F5CCE483}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8FC47F3-A6A7-452D-AABA-73875AB2408B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FD7F7DE-3884-439B-9145-7160FDEC1BE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09ABDFB5-EAF6-4B6B-A435-2E12122634DB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{ACA41EBA-0B47-4F82-9E7E-D41999EE174C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{45A9C267-CFA4-4A4D-AF30-8A6F66FBC7FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-03-2016 00:00:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 03:34:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ADWCLE~1.EXE version 5.1.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 143c

Start Time: 01d17d35436d1e4a

Termination Time: 16

Application Path: C:\Users\My\DOWNLO~1\ADWCLE~1.EXE

Report Id:

Error: (03/13/2016 12:13:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2984a6a2-12e2-4d93-99f2-63284fc7523e}

Error: (03/12/2016 07:22:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/12/2016 07:22:09 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/12/2016 07:22:08 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/11/2016 05:25:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/11/2016 05:25:21 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/11/2016 05:25:20 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/10/2016 05:25:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/10/2016 05:25:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {1CBF6558-C047-4796-82E5-D7AC1F678C06}


System errors:
=============
Error: (03/13/2016 09:36:14 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/13/2016 07:17:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/13/2016 03:42:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/13/2016 03:39:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056

Error: (03/13/2016 03:39:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/13/2016 03:39:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/13/2016 03:39:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 3 Creator service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/13/2016 03:39:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/13/2016 03:39:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office-Klick-und-Los-Dienst service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/13/2016 03:39:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 76%
Total physical RAM: 1993.25 MB
Available physical RAM: 467.16 MB
Total Virtual: 3986.49 MB
Available Virtual: 1559.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.92 GB) (Free:17.06 GB) NTFS
Drive d: () (Fixed) (Total:247.07 GB) (Free:220.84 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
Drive m: (FLO) (Removable) (Total:14.53 GB) (Free:13.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2DD3047)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=247.1 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: 50CE60FE)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ============================
         

16.03.2016, 11:25   #9
burningice
/// Malwareteam



How about this extension being to blame? Haha. Watch out: Adblock Super - users complain about ads

But good thinking with the logs.

Step: 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step: 2
Please start FRST again, tick the Addition box and press Scan. Please post the two resulting text files again.
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


Edited by burningice (16.03.2016 at 11:32)

16.03.2016, 17:50   #10
Stan87



Man oh man, so I messed it up myself again :-/ sorry

But it's pure irony that the very extension that is supposed to protect me from ads is the one bombarding me with ads

Is there a good alternative to that ad blocker?

Code:
# AdwCleaner v5.102 - Bericht erstellt am 16/03/2016 um 17:16:53
# Aktualisiert am 13/03/2016 von Xplode
# Datenbank : 2016-03-14.1 [Server]
# Betriebssystem : Windows 7 Ultimate  (x86)
# Benutzername : My - MY-PC
# Gestartet von : C:\Users\My\Downloads\AdwCleaner_5.102.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****

[!] Datei Nicht Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_ffhfoagmjcnkolneahbpagjcjjaeofbg_0
[!] Datei Nicht Gelöscht : C:\Users\My\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\ffhfoagmjcnkolneahbpagjcjjaeofbg

***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\Program Files\AdwCleaner\AdwCleaner[C1].txt - [13709 Bytes] - [13/03/2016 15:39:15]
C:\Program Files\AdwCleaner\AdwCleaner[C2].txt - [1247 Bytes] - [16/03/2016 17:16:53]
C:\Program Files\AdwCleaner\AdwCleaner[S1].txt - [904 Bytes] - [13/03/2016 15:33:59]
C:\Program Files\AdwCleaner\AdwCleaner[S2].txt - [12887 Bytes] - [13/03/2016 15:38:09]
C:\Program Files\AdwCleaner\AdwCleaner[S3].txt - [1355 Bytes] - [16/03/2016 17:15:26]

########## EOF - C:\Program Files\AdwCleaner\AdwCleaner[C2].txt - [1595 Bytes] ##########
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by My (administrator) on MY-PC (16-03-2016 17:29:26)
Running from C:\Users\My\Downloads
Loaded Profiles: My (Available Profiles: My)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 3\creator-ws.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dropbox, Inc.) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CheckNDISPortF0acA7] => C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Dropbox Update] => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Spotify Web Helper] => C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-02] (Spotify Ltd)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Avast-Browser-Cleanup] => C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe [3840080 2016-03-12] (AVAST Software)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881d3-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881df-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785882e5-2538-11e4-b7f6-001e101f8aaa} - L:\Setup.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {b7f08f6c-2573-11e4-ac08-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {d13a326a-65dc-11e4-bb84-344b50b7ef20} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {faff2e3f-1aba-11e4-ab0f-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-03-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2016-03-12]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{281396E6-30BB-4E14-80CC-FDE4B22286FB}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{35787BD2-AE79-4DB1-A43B-5F88D2370FEF}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{84366F90-C50A-4ED3-AB68-CE1FB51E65DA}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8F5A98F3-365A-4D40-AFCC-9F548C91752F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E66BD2C1-2B2B-4982-A275-384AB3DDB42F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3687503007-941926512-4131969123-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
BHO: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-13] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default
FF DefaultSearchEngine: V9 
FF SelectedSearchEngine: V9 
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1442918440&z=cbe61584a8c7bf1cc32d5f8g5z6z1odtfg8bfz9c6t&from=ient07031&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-14]
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-22] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast SafePrice) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-13]
CHR Extension: (Google Tabellen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Google Mail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
S3 eapihdrv; C:\Users\My\AppData\Local\Temp\ehdrv.sys [135760 2016-03-14] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2012-10-25] (Realtek Semiconductor Corporation                           )
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2015-10-23] (Cisco Systems, Inc.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 17:14 - 2016-03-16 17:14 - 01527296 _____ C:\Users\My\Downloads\AdwCleaner_5.102.exe
2016-03-14 12:51 - 2016-03-14 12:51 - 00000000 ____D C:\Program Files\ESET
2016-03-14 12:46 - 2016-03-14 12:46 - 02870984 _____ (ESET) C:\Users\My\Downloads\esetsmartinstaller_deu.exe
2016-03-13 16:05 - 2016-03-13 16:05 - 01725440 _____ (Farbar) C:\Users\My\Downloads\FRST.exe
2016-03-13 16:01 - 2016-03-13 16:01 - 00001190 _____ C:\Users\My\Desktop\mbam.txt
2016-03-13 15:32 - 2016-03-16 17:16 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-13 15:32 - 2016-03-13 15:32 - 01524224 _____ C:\Users\My\Downloads\AdwCleaner_5.101.exe
2016-03-13 11:01 - 2016-03-15 20:33 - 00036256 _____ C:\Users\My\Downloads\Addition.txt
2016-03-13 11:00 - 2016-03-16 17:29 - 00018343 _____ C:\Users\My\Downloads\FRST.txt
2016-03-13 11:00 - 2016-03-16 17:29 - 00000000 ____D C:\FRST
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\MSDOS.SYS
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\IO.SYS
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\AppData\Roaming\Sun
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\.oracle_jre_usage
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-13 00:05 - 2016-03-13 00:05 - 00000000 ____D C:\Users\My\AppData\LocalLow\Oracle
2016-03-12 20:33 - 2016-03-13 15:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 20:32 - 2016-03-12 22:24 - 00001054 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-12 20:31 - 2016-03-12 20:32 - 22908888 _____ (Malwarebytes ) C:\Users\My\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-12 19:24 - 2016-03-12 19:25 - 03840080 _____ (AVAST Software) C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe
2016-03-12 19:23 - 2016-03-12 19:27 - 00248615 _____ C:\Users\My\Downloads\Nicht bestätigt 550384.crdownload
2016-03-03 18:06 - 2016-03-03 18:06 - 00055112 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0112015_vom_02.11.2015_20160303060617.pdf
2016-03-03 18:04 - 2016-03-03 18:05 - 00056563 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0102015_vom_01.10.2015_20160303060429.pdf
2016-02-20 18:23 - 2016-02-20 18:23 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 17:28 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-16 17:28 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-16 17:26 - 2015-03-15 16:44 - 00000000 ___RD C:\Users\My\Dropbox
2016-03-16 17:26 - 2015-03-13 10:44 - 00000000 ____D C:\Users\My\AppData\Roaming\Dropbox
2016-03-16 17:23 - 2015-03-06 23:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 17:23 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-16 17:10 - 2015-06-19 22:05 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job
2016-03-16 16:42 - 2015-03-06 23:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 15:52 - 2015-06-19 22:05 - 00001160 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job
2016-03-14 22:45 - 2015-03-06 23:55 - 00002133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 22:45 - 2015-03-06 23:55 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-13 15:39 - 2014-08-30 15:30 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-13 00:20 - 2014-08-16 20:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-13 00:20 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\ProgramData\Cisco
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\Program Files\Cisco
2016-03-13 00:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-13 00:13 - 2014-08-23 13:58 - 00000000 ____D C:\ProgramData\BioWare
2016-03-13 00:13 - 2014-08-23 13:53 - 00000000 ____D C:\ProgramData\Media Center Programs
2016-03-13 00:07 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\Program Files\Java
2016-03-13 00:06 - 2014-08-02 19:10 - 00000000 ____D C:\Users\My
2016-03-13 00:05 - 2015-03-18 16:25 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-12 22:28 - 2014-08-16 12:39 - 00000000 ____D C:\Program Files\Opera
2016-03-12 22:24 - 2015-10-01 20:01 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-10-01 20:01 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-09-24 23:49 - 00001793 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-03-12 22:24 - 2015-09-22 21:49 - 00000947 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2016-03-12 22:24 - 2015-09-22 21:18 - 00000983 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001099 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-05-01 12:24 - 00002069 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-12 22:24 - 2015-04-17 17:42 - 00001163 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
2016-03-12 22:24 - 2015-03-07 11:52 - 00001060 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2016-03-12 22:24 - 2015-03-07 11:36 - 00001035 _____ C:\Users\Public\Desktop\ManiaPlanet.lnk
2016-03-12 22:24 - 2014-08-30 15:36 - 00002083 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-03-12 22:24 - 2014-08-24 10:56 - 00001848 _____ C:\Users\Public\Desktop\o2 Surfstick.lnk
2016-03-12 22:24 - 2014-08-16 12:52 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001063 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-12 22:24 - 2014-08-02 19:11 - 00001389 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-03-12 22:24 - 2009-07-14 05:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-12 22:23 - 2015-09-24 23:49 - 00001787 _____ C:\Users\My\Desktop\Spotify.lnk
2016-03-12 22:23 - 2015-03-15 16:44 - 00001005 _____ C:\Users\My\Desktop\Dropbox.lnk
2016-03-12 22:23 - 2014-10-26 14:15 - 00000871 _____ C:\Users\My\Desktop\Sam2 - Shortcut.lnk
2016-03-12 22:23 - 2014-09-07 09:31 - 00001157 _____ C:\Users\My\Desktop\Warcraft III - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:58 - 00000521 _____ C:\Users\My\Desktop\gta-vc - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:16 - 00001023 _____ C:\Users\My\Desktop\F1 Challenge 99-02 - Shortcut.lnk
2016-03-12 22:23 - 2014-08-30 18:29 - 00001395 _____ C:\Users\My\Desktop\TennisElbow - Shortcut.lnk
2016-03-12 22:23 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-12 22:23 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-12 21:12 - 2009-07-14 08:49 - 00000000 ____D C:\Windows\ShellNew
2016-03-12 20:53 - 2014-08-16 23:12 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-27 16:40 - 2015-10-10 12:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-27 16:38 - 2015-10-10 12:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-15 17:10 - 2015-03-07 11:40 - 00000000 ____D C:\Users\My\Desktop\Flo

==================== Files in the root of some directories =======

2014-09-07 11:50 - 2015-03-06 23:32 - 0000511 _____ () C:\Users\My\AppData\Roaming\Taxi4.MCS
2015-11-27 12:22 - 2015-11-27 12:22 - 0000000 _____ () C:\Users\My\AppData\Local\{75FE9489-1B6F-413E-8291-39D3DE632EB4}

Some files in TEMP:
====================
C:\Users\My\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpranpvk.dll
C:\Users\My\AppData\Local\Temp\eauninstall.exe
C:\Users\My\AppData\Local\Temp\F1 Challenge 99-02_uninst.exe
C:\Users\My\AppData\Local\Temp\GURC029.exe
C:\Users\My\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\My\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\My\AppData\Local\Temp\SIntf16.dll
C:\Users\My\AppData\Local\Temp\SIntf32.dll
C:\Users\My\AppData\Local\Temp\SIntfNT.dll
C:\Users\My\AppData\Local\Temp\sqlite3.dll
C:\Users\My\AppData\Local\Temp\{F444AC50-EA77-4F7A-9DBF-507ABDE5D095}-DropboxClient_3.8.6.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-13 18:05

==================== End of FRST.txt ============================
         
--- --- ---



Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by My (2016-03-16 17:29:57)
Running from C:\Users\My\Downloads
Microsoft Windows 7 Ultimate  (X86) (2014-08-03 03:07:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3687503007-941926512-4131969123-500 - Administrator - Disabled)
Guest (S-1-5-21-3687503007-941926512-4131969123-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3687503007-941926512-4131969123-1002 - Limited - Enabled)
My (S-1-5-21-3687503007-941926512-4131969123-1000 - Administrator - Enabled) => C:\Users\My

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Dropbox (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 43.0.1 (x86 de) (HKLM\...\Mozilla Firefox 43.0.1 (x86 de)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
o2 Surfstick (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Opera Stable 35.0.2066.92 (HKLM\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
PDF Architect 3 (HKLM\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Spotify (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10AFAF4D-3212-4357-99BA-8FD8FDD7556B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4BD42C01-C262-49F9-A2F7-26CEEF66657F} - System32\Tasks\Opera scheduled Autoupdate 1408189153 => C:\Program Files\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {5C6C7A37-D55C-4C1B-BFA6-F9EAECB5E3D0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {5EA2A56B-2250-4F26-B31B-3AE938673FCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {66C07BAF-1D9B-455E-A0CF-73D915875D7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {67C14541-55FC-4976-AA65-38C882D36EC9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {97842D8B-F33F-41AD-9CF2-703F66C4B346} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {ACB514EB-4A65-4E3A-B309-9E3ED39652CA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {ADECBC8B-2A6B-45E6-A26E-BF452EA6FE80} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {AE1C87EC-B1BF-42D3-A947-83046ED31CF5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-26] (Microsoft Corporation)
Task: {BED3DC6B-DD98-48BF-949F-8E2307A777B8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
Task: {EEA19365-A1D3-46DD-8C49-6A42ED6AF852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {F4EF8597-026C-4591-858F-B9818D49DB60} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-01 12:24 - 2015-05-01 12:24 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 12:24 - 2015-05-01 12:24 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-16 15:40 - 2016-03-16 15:40 - 02841600 _____ () C:\Program Files\AVAST Software\Avast\defs\16031600\algo.dll
2015-10-10 12:46 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-11-06 19:40 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00419072 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00446720 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
2015-05-01 12:24 - 2015-05-01 12:24 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-14 18:47 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-20 18:22 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-14 18:47 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-20 18:22 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-20 18:22 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-07-26 12:10 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\My\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95265C94-A551-4EED-A051-3AA751E4FC6A}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{169A63DD-8282-40CF-ADD6-A7BA16103F0C}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B853B46-8FFC-4B4E-932D-5C300DDB99D0}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{53ECD8DB-A47E-487A-8973-14FA94E0E146}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{791ACA9E-7C91-41AF-9B82-D85CE4EE8EAC}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{BADCA0F7-FB5C-4324-9E54-C4C54491B1F7}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{B986FC4B-EAC5-4AC0-93A3-19E4E77A8865}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{2CD85341-BBC0-4417-81A5-0C99AA42C77B}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{D71080FF-B5F2-4F59-B7A6-566B9CF0BEC3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{24B3E689-04E4-49EA-A300-25C05BE5B247}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{506E07C0-6A79-42CE-80AD-21D21CA3EDD4}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{C28B6765-16F9-48A8-8270-84DD1C3C9F01}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{1B5CFA3E-87DC-44C4-9E2D-D420A42920C0}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{CEB1CBE1-A549-4713-B4B3-B41AAD470404}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{52634C8B-0C84-4FBF-83FA-F71CE5B663C9}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{0527EABF-FDC1-4413-974C-89A6825C0E40}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{988A620A-753C-459D-A67E-957A58A03B1C}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{49E370D3-8AA2-47BB-8F85-452386F11C46}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE426607-B017-4D1B-A6C1-4DB214999578}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{848194D7-2B56-4BB2-B035-A336540DBD1F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{798407F8-A5A0-4EDC-95BB-F7EB50CED5FF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E60DEE62-DFA3-49B1-B912-4A9F750DA919}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF841A8D-CECE-4632-AD61-F11DA1CE637D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A79A71AB-4750-4AEE-86BA-6876EF8FD1B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C659862F-5AAC-49F9-A93F-3D44CFA59FD5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{31762183-F61B-458B-AD1F-E513F5CCE483}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8FC47F3-A6A7-452D-AABA-73875AB2408B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FD7F7DE-3884-439B-9145-7160FDEC1BE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09ABDFB5-EAF6-4B6B-A435-2E12122634DB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{ACA41EBA-0B47-4F82-9E7E-D41999EE174C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{45A9C267-CFA4-4A4D-AF30-8A6F66FBC7FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 03:34:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ADWCLE~1.EXE version 5.1.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 143c

Start Time: 01d17d35436d1e4a

Termination Time: 16

Application Path: C:\Users\My\DOWNLO~1\ADWCLE~1.EXE

Report Id:

Error: (03/13/2016 12:13:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2984a6a2-12e2-4d93-99f2-63284fc7523e}

Error: (03/12/2016 07:22:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/12/2016 07:22:09 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/12/2016 07:22:08 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/11/2016 05:25:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/11/2016 05:25:21 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/11/2016 05:25:20 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/10/2016 05:25:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/10/2016 05:25:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {1CBF6558-C047-4796-82E5-D7AC1F678C06}


System errors:
=============
Error: (03/16/2016 05:23:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/16/2016 05:16:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/16/2016 05:16:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/16/2016 05:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 3 Creator service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2016 05:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2016 05:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office-Klick-und-Los-Dienst service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/16/2016 05:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2016 05:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/16/2016 04:14:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/13/2016 09:36:14 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 53%
Total physical RAM: 1993.25 MB
Available physical RAM: 930.41 MB
Total Virtual: 3986.49 MB
Available Virtual: 2778.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.92 GB) (Free:18.21 GB) NTFS
Drive d: () (Fixed) (Total:247.07 GB) (Free:220.84 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2DD3047)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=247.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

My first layman's analysis after the first 100 clicks on the web: the ads have disappeared again.

Of course I deleted SuperAdBlocker right away. Shitty thing (sorry, had to get that out).

Alt 18.03.2016, 20:12   #11
burningice
/// Malwareteam



There you go :P

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
ATTFilter
emptytemp: 
FF DefaultSearchEngine: V9  
FF SelectedSearchEngine: V9  
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1442918440&z=cbe61584a8c7bf1cc32d5f8g5z6z1odtfg8bfz9c6t&from=ient07031&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Please start FRST again, tick the Addition box and click Scan. Please post the two text files that this produces again.
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


Alt 21.03.2016, 18:57   #12
Stan87



Sorry for the late reply. I couldn't get to the PC over the weekend, but I now have all the logs for you:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by My (2016-03-21 18:44:25) Run:1
Running from C:\Users\My\Downloads
Loaded Profiles: My (Available Profiles: My)
Boot Mode: Normal

==============================================

fixlist content:
*****************
emptytemp: 
FF DefaultSearchEngine: V9  
FF SelectedSearchEngine: V9  
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1442918440&z=cbe61584a8c7bf1cc32d5f8g5z6z1odtfg8bfz9c6t&from=ient07031&uid=WDCXWD3200AAJS-60Z0A0_WD-WCAV2Z82011120111
*****************

Firefox DefaultSearchEngine removed successfully.
Firefox SelectedSearchEngine removed successfully.
Firefox "homepage" removed successfully.
EmptyTemp: => 1.8 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:45:30 ====
         


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by My (administrator) on MY-PC (21-03-2016 18:55:00)
Running from C:\Users\My\Downloads
Loaded Profiles: My (Available Profiles: My)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 3\creator-ws.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
() C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CheckNDISPortF0acA7] => C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe [419072 2013-05-10] ()
HKLM\...\Run: [CancelAutoPlay_df] => C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe [446720 2013-05-10] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-15] (Avast Software s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Dropbox Update] => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Spotify Web Helper] => C:\Users\My\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-02] (Spotify Ltd)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Run: [Avast-Browser-Cleanup] => C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe [3840080 2016-03-12] (AVAST Software)
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881d3-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785881df-2538-11e4-b7f6-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {785882e5-2538-11e4-b7f6-001e101f8aaa} - L:\Setup.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {b7f08f6c-2573-11e4-ac08-0023242f63a6} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {d13a326a-65dc-11e4-bb84-344b50b7ef20} - K:\AutoRun.exe
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\MountPoints2: {faff2e3f-1aba-11e4-ab0f-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-01] (Avast Software s.r.o.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-03-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2016-03-12]
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{281396E6-30BB-4E14-80CC-FDE4B22286FB}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{35787BD2-AE79-4DB1-A43B-5F88D2370FEF}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{84366F90-C50A-4ED3-AB68-CE1FB51E65DA}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8F5A98F3-365A-4D40-AFCC-9F548C91752F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E66BD2C1-2B2B-4982-A275-384AB3DDB42F}: [DhcpNameServer] 192.168.0.1 192.168.0.1
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-3687503007-941926512-4131969123-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
BHO: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files\PDF Architect 3\creator-ie-helper.dll [2015-09-17] (pdfforge GmbH)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-13] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\My\AppData\Roaming\Mozilla\Firefox\Profiles\o7ydq91p.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-16] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-13] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin: PDF Architect 3 -> C:\Program Files\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-14]
FF HKLM\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: PDF Architect 3 Creator - C:\Program Files\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-09-22] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR Profile: C:\Users\My\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-06]
CHR Extension: (Google Docs) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-06]
CHR Extension: (Google Drive) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Avast SafePrice) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-13]
CHR Extension: (Google Tabellen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Google Mail) - C:\Users\My\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1916656 2016-02-09] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
S3 PDF Architect 3; C:\Program Files\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-01] ()
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2012-10-25] (Realtek Semiconductor Corporation                           )
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2015-10-23] (Cisco Systems, Inc.)
S3 eapihdrv; \??\C:\Users\My\AppData\Local\Temp\ehdrv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 18:44 - 2016-03-21 18:45 - 00000843 _____ C:\Users\My\Downloads\Fixlog.txt
2016-03-16 17:14 - 2016-03-16 17:14 - 01527296 _____ C:\Users\My\Downloads\AdwCleaner_5.102.exe
2016-03-14 12:51 - 2016-03-14 12:51 - 00000000 ____D C:\Program Files\ESET
2016-03-14 12:46 - 2016-03-14 12:46 - 02870984 _____ (ESET) C:\Users\My\Downloads\esetsmartinstaller_deu.exe
2016-03-13 16:05 - 2016-03-13 16:05 - 01725440 _____ (Farbar) C:\Users\My\Downloads\FRST.exe
2016-03-13 16:01 - 2016-03-13 16:01 - 00001190 _____ C:\Users\My\Desktop\mbam.txt
2016-03-13 15:32 - 2016-03-16 17:16 - 00000000 ____D C:\Program Files\AdwCleaner
2016-03-13 15:32 - 2016-03-13 15:32 - 01524224 _____ C:\Users\My\Downloads\AdwCleaner_5.101.exe
2016-03-13 11:01 - 2016-03-16 17:30 - 00035327 _____ C:\Users\My\Downloads\Addition.txt
2016-03-13 11:00 - 2016-03-21 18:55 - 00017845 _____ C:\Users\My\Downloads\FRST.txt
2016-03-13 11:00 - 2016-03-21 18:55 - 00000000 ____D C:\FRST
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\MSDOS.SYS
2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 __RSH C:\IO.SYS
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\AppData\Roaming\Sun
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Users\My\.oracle_jre_usage
2016-03-13 00:06 - 2016-03-13 00:06 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-13 00:05 - 2016-03-13 00:05 - 00000000 ____D C:\Users\My\AppData\LocalLow\Oracle
2016-03-12 20:33 - 2016-03-13 15:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 20:32 - 2016-03-12 22:24 - 00001054 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 20:32 - 2016-03-12 20:32 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2016-03-12 20:32 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-12 20:32 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-12 20:31 - 2016-03-12 20:32 - 22908888 _____ (Malwarebytes ) C:\Users\My\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-12 19:24 - 2016-03-12 19:25 - 03840080 _____ (AVAST Software) C:\Users\My\Downloads\avast-browse104-cleanup-sfx.exe
2016-03-12 19:23 - 2016-03-12 19:27 - 00248615 _____ C:\Users\My\Downloads\Nicht bestätigt 550384.crdownload
2016-03-03 18:06 - 2016-03-03 18:06 - 00055112 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0112015_vom_02.11.2015_20160303060617.pdf
2016-03-03 18:04 - 2016-03-03 18:05 - 00056563 _____ C:\Users\My\Downloads\Kontoauszug_26384000__Nr.0102015_vom_01.10.2015_20160303060429.pdf
2016-02-20 18:23 - 2016-02-20 18:23 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 18:52 - 2015-03-15 16:44 - 00000000 ___RD C:\Users\My\Dropbox
2016-03-21 18:52 - 2015-03-13 10:44 - 00000000 ____D C:\Users\My\AppData\Roaming\Dropbox
2016-03-21 18:51 - 2015-03-06 23:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-21 18:50 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-21 18:42 - 2015-03-06 23:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-21 18:19 - 2015-06-19 22:05 - 00001160 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job
2016-03-21 18:10 - 2015-06-19 22:05 - 00001212 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job
2016-03-18 07:49 - 2014-08-16 12:39 - 00000000 ____D C:\Program Files\Opera
2016-03-16 17:53 - 2015-10-10 12:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-16 17:52 - 2015-10-10 12:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-16 17:28 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-16 17:28 - 2009-07-14 05:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 22:45 - 2015-03-06 23:55 - 00002133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 22:45 - 2015-03-06 23:55 - 00002121 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-13 15:39 - 2014-08-30 15:30 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-13 00:20 - 2014-08-16 20:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-13 00:20 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\ProgramData\Cisco
2016-03-13 00:15 - 2015-10-31 00:43 - 00000000 ____D C:\Program Files\Cisco
2016-03-13 00:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-03-13 00:13 - 2014-08-23 13:58 - 00000000 ____D C:\ProgramData\BioWare
2016-03-13 00:13 - 2014-08-23 13:53 - 00000000 ____D C:\ProgramData\Media Center Programs
2016-03-13 00:07 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-13 00:06 - 2015-03-18 16:25 - 00000000 ____D C:\Program Files\Java
2016-03-13 00:06 - 2014-08-02 19:10 - 00000000 ____D C:\Users\My
2016-03-13 00:05 - 2015-03-18 16:25 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-03-12 22:24 - 2015-10-01 20:01 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-10-01 20:01 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-03-12 22:24 - 2015-09-24 23:49 - 00001793 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-03-12 22:24 - 2015-09-22 21:49 - 00000947 _____ C:\Users\Public\Desktop\PDF Architect 3.lnk
2016-03-12 22:24 - 2015-09-22 21:18 - 00000983 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-08-30 16:32 - 00001099 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-12 22:24 - 2015-05-01 12:24 - 00002069 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-12 22:24 - 2015-04-17 17:42 - 00001163 _____ C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
2016-03-12 22:24 - 2015-03-07 11:52 - 00001060 _____ C:\Users\Public\Desktop\TmNationsForever.lnk
2016-03-12 22:24 - 2015-03-07 11:36 - 00001035 _____ C:\Users\Public\Desktop\ManiaPlanet.lnk
2016-03-12 22:24 - 2014-08-30 15:36 - 00002083 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2016-03-12 22:24 - 2014-08-24 10:56 - 00001848 _____ C:\Users\Public\Desktop\o2 Surfstick.lnk
2016-03-12 22:24 - 2014-08-16 12:52 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-12 22:24 - 2014-08-16 12:39 - 00001063 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-12 22:24 - 2014-08-02 19:11 - 00001389 _____ C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-03-12 22:24 - 2009-10-14 10:52 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-03-12 22:24 - 2009-07-14 05:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-03-12 22:24 - 2009-07-14 05:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-03-12 22:23 - 2015-09-24 23:49 - 00001787 _____ C:\Users\My\Desktop\Spotify.lnk
2016-03-12 22:23 - 2015-03-15 16:44 - 00001005 _____ C:\Users\My\Desktop\Dropbox.lnk
2016-03-12 22:23 - 2014-10-26 14:15 - 00000871 _____ C:\Users\My\Desktop\Sam2 - Shortcut.lnk
2016-03-12 22:23 - 2014-09-07 09:31 - 00001157 _____ C:\Users\My\Desktop\Warcraft III - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:58 - 00000521 _____ C:\Users\My\Desktop\gta-vc - Shortcut.lnk
2016-03-12 22:23 - 2014-09-06 20:16 - 00001023 _____ C:\Users\My\Desktop\F1 Challenge 99-02 - Shortcut.lnk
2016-03-12 22:23 - 2014-08-30 18:29 - 00001395 _____ C:\Users\My\Desktop\TennisElbow - Shortcut.lnk
2016-03-12 22:23 - 2009-07-14 05:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-03-12 22:23 - 2009-07-14 05:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-03-12 21:12 - 2009-07-14 08:49 - 00000000 ____D C:\Windows\ShellNew
2016-03-12 20:53 - 2014-08-16 23:12 - 00000000 ____D C:\Users\My\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2014-09-07 11:50 - 2015-03-06 23:32 - 0000511 _____ () C:\Users\My\AppData\Roaming\Taxi4.MCS
2015-11-27 12:22 - 2015-11-27 12:22 - 0000000 _____ () C:\Users\My\AppData\Local\{75FE9489-1B6F-413E-8291-39D3DE632EB4}

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 16:39

==================== End of FRST.txt ============================
         
--- --- ---



FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by My (2016-03-21 18:55:34)
Running from C:\Users\My\Downloads
Microsoft Windows 7 Ultimate  (X86) (2014-08-03 03:07:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3687503007-941926512-4131969123-500 - Administrator - Disabled)
Guest (S-1-5-21-3687503007-941926512-4131969123-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3687503007-941926512-4131969123-1002 - Limited - Enabled)
My (S-1-5-21-3687503007-941926512-4131969123-1000 - Administrator - Enabled) => C:\Users\My

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Dropbox (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManiaPlanet (HKLM\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 43.0.1 (x86 de) (HKLM\...\Mozilla Firefox 43.0.1 (x86 de)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
o2 Surfstick (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Opera Stable 36.0.2130.32 (HKLM\...\Opera 36.0.2130.32) (Version: 36.0.2130.32 - Opera Software)
PDF Architect 3 (HKLM\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Spotify (HKU\S-1-5-21-3687503007-941926512-4131969123-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WinRAR 5.10 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3687503007-941926512-4131969123-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\My\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C3436CB-7630-41A3-AC8C-0742BA64E7C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {10AFAF4D-3212-4357-99BA-8FD8FDD7556B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {3CB0D083-0FD2-4EEB-9873-1BC6422B873B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {5C6C7A37-D55C-4C1B-BFA6-F9EAECB5E3D0} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {5EA2A56B-2250-4F26-B31B-3AE938673FCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {66C07BAF-1D9B-455E-A0CF-73D915875D7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6FB273E4-68E4-4C7D-A9E5-5FC54096BDEC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {97842D8B-F33F-41AD-9CF2-703F66C4B346} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {980F13AE-6F4C-4552-B3F6-6B23FD5100FA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {AE1C87EC-B1BF-42D3-A947-83046ED31CF5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-16] (Microsoft Corporation)
Task: {BED3DC6B-DD98-48BF-949F-8E2307A777B8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
Task: {D68D345D-CF8D-452D-BCE4-1685CEA8E28C} - System32\Tasks\Opera scheduled Autoupdate 1408189153 => C:\Program Files\Opera\launcher.exe [2016-03-14] (Opera Software)
Task: {F4EF8597-026C-4591-858F-B9818D49DB60} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000Core.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3687503007-941926512-4131969123-1000UA.job => C:\Users\My\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-01 12:24 - 2015-05-01 12:24 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 12:24 - 2015-05-01 12:24 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-21 18:06 - 2016-03-21 18:06 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16032101\algo.dll
2015-10-10 12:46 - 2015-10-13 02:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-11-06 19:40 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00419072 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CheckNDISPort_df.exe
2014-08-24 10:56 - 2013-05-10 12:03 - 00446720 _____ () C:\Program Files\Hostless Modem\o2 Surfstick\CancelAutoPlay_df.exe
2015-05-01 12:24 - 2015-05-01 12:24 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-14 18:48 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-14 18:48 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-14 18:47 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 18:48 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-20 18:22 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 18:48 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-14 18:47 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-20 18:22 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-20 18:22 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-14 18:48 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-14 18:47 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-14 18:48 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-20 18:22 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-20 18:22 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-20 18:22 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-14 18:48 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-14 18:47 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-07-26 12:10 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3687503007-941926512-4131969123-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\My\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95265C94-A551-4EED-A051-3AA751E4FC6A}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{169A63DD-8282-40CF-ADD6-A7BA16103F0C}] => (Allow) C:\Users\My\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6B853B46-8FFC-4B4E-932D-5C300DDB99D0}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{53ECD8DB-A47E-487A-8973-14FA94E0E146}] => (Allow) C:\Users\My\Downloads\sacred_2_gold_edition_english_language_pack_downloader (1).exe
FirewallRules: [{791ACA9E-7C91-41AF-9B82-D85CE4EE8EAC}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{BADCA0F7-FB5C-4324-9E54-C4C54491B1F7}] => (Allow) C:\Program Files\YourFileDownloader\YourFileDownloader.exe
FirewallRules: [{B986FC4B-EAC5-4AC0-93A3-19E4E77A8865}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{2CD85341-BBC0-4417-81A5-0C99AA42C77B}] => (Allow) C:\Program Files\YourFileDownloader\Downloader.exe
FirewallRules: [{D71080FF-B5F2-4F59-B7A6-566B9CF0BEC3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{24B3E689-04E4-49EA-A300-25C05BE5B247}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{506E07C0-6A79-42CE-80AD-21D21CA3EDD4}] => (Allow) D:\f1 2012\Steam.exe
FirewallRules: [{C28B6765-16F9-48A8-8270-84DD1C3C9F01}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{1B5CFA3E-87DC-44C4-9E2D-D420A42920C0}] => (Allow) D:\f1 2012\bin\steamwebhelper.exe
FirewallRules: [{CEB1CBE1-A549-4713-B4B3-B41AAD470404}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{52634C8B-0C84-4FBF-83FA-F71CE5B663C9}] => (Allow) D:\f1 2012\SteamApps\common\F1 2012\F1_2012.exe
FirewallRules: [{0527EABF-FDC1-4413-974C-89A6825C0E40}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{988A620A-753C-459D-A67E-957A58A03B1C}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{49E370D3-8AA2-47BB-8F85-452386F11C46}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CE426607-B017-4D1B-A6C1-4DB214999578}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{848194D7-2B56-4BB2-B035-A336540DBD1F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{798407F8-A5A0-4EDC-95BB-F7EB50CED5FF}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E60DEE62-DFA3-49B1-B912-4A9F750DA919}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF841A8D-CECE-4632-AD61-F11DA1CE637D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A79A71AB-4750-4AEE-86BA-6876EF8FD1B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C659862F-5AAC-49F9-A93F-3D44CFA59FD5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{31762183-F61B-458B-AD1F-E513F5CCE483}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B8FC47F3-A6A7-452D-AABA-73875AB2408B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FD7F7DE-3884-439B-9145-7160FDEC1BE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{09ABDFB5-EAF6-4B6B-A435-2E12122634DB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{ACA41EBA-0B47-4F82-9E7E-D41999EE174C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{45A9C267-CFA4-4A4D-AF30-8A6F66FBC7FB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-03-2016 00:36:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 03:34:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ADWCLE~1.EXE version 5.1.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 143c

Start Time: 01d17d35436d1e4a

Termination Time: 16

Application Path: C:\Users\My\DOWNLO~1\ADWCLE~1.EXE

Report Id:

Error: (03/13/2016 12:13:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2984a6a2-12e2-4d93-99f2-63284fc7523e}

Error: (03/12/2016 07:22:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/12/2016 07:22:09 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/12/2016 07:22:08 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {772A6E62-C5FD-449A-873C-5C07FACBDB61}

Error: (03/11/2016 05:25:21 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/11/2016 05:25:21 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/11/2016 05:25:20 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0E405D4A-A71F-4272-B556-537BEA497742}

Error: (03/10/2016 05:25:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (03/10/2016 05:25:15 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {1CBF6558-C047-4796-82E5-D7AC1F678C06}


System errors:
=============
Error: (03/21/2016 06:50:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/16/2016 05:23:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/16/2016 05:16:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/16/2016 05:16:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/16/2016 05:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 3 Creator service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2016 05:16:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Mobile Broadband HL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2016 05:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office-Klick-und-Los-Dienst service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/16/2016 05:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2016 05:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/16/2016 04:14:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 1993.25 MB
Available physical RAM: 984.57 MB
Total Virtual: 3986.49 MB
Available Virtual: 2856.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.92 GB) (Free:19.26 GB) NTFS
Drive d: () (Fixed) (Total:247.07 GB) (Free:220.84 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B2DD3047)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=247.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---

23.03.2016, 09:45   #13
burningice
/// Malwareteam

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
cmd: NetSh Advfirewall set allrprofiles state on
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Are you still having any problems with your computer?
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


23.03.2016, 15:43   #14
Stan87

Code:
Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by My (2016-03-23 15:42:06) Run:2
Running from C:\Users\My\Downloads
Loaded Profiles: My (Available Profiles: My)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
cmd: NetSh Advfirewall set allrprofiles state on
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8199FC4-0896-4662-9EB6-AB9F57C38499}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8199FC4-0896-4662-9EB6-AB9F57C38499}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service YourFileDownloader => key not found. 

=========  NetSh Advfirewall set allrprofiles state on =========

The following command was not found: Advfirewall set allrprofiles state on.

========= End of CMD: =========


==== End of Fixlog 15:42:09 ====
         
I'm not noticing any problems, apart from the fact that I no longer have an ad blocker
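
The Fixlog in post #14 reports one registry key as not found and shows netsh rejecting the `cmd:` directive, whose scope keyword is misspelled (`allrprofiles` instead of `allprofiles`). As an added example (not part of the thread and not FRST's own code), the following Python reads such a Fixlog, lists every fixlist step that did not take effect and proposes the corrected netsh scope. The function names are hypothetical, and the parsing assumes the Fixlog layout seen in that post.

```python
import difflib

# Fixlog body copied from post #14 above (run header and blank lines omitted).
FIXLOG = r'''fixlist content:
*****************
Task: {C8199FC4-0896-4662-9EB6-AB9F57C38499} - \Update Service YourFileDownloader -> No File <==== ATTENTION
cmd: NetSh Advfirewall set allrprofiles state on
*****************
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8199FC4-0896-4662-9EB6-AB9F57C38499}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8199FC4-0896-4662-9EB6-AB9F57C38499}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service YourFileDownloader => key not found.
=========  NetSh Advfirewall set allrprofiles state on =========
The following command was not found: Advfirewall set allrprofiles state on.
========= End of CMD: =========
==== End of Fixlog 15:42:09 ====
'''

# Scope keywords accepted by "netsh advfirewall set".
NETSH_SET_SCOPES = ["allprofiles", "currentprofile", "domainprofile",
                    "privateprofile", "publicprofile", "global"]
# Phrases that mean netsh or the shell rejected the command line.
FAILURE_MARKERS = ("The following command was not found", "is not recognized")


def parse_fixlog(fixlog):
    """Return (directives, registry_results, cmd_outputs) from a Fixlog."""
    directives, registry, cmds = [], [], {}
    in_fixlist, current = False, None
    for raw in fixlog.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:              # a row of '*' opens/closes the fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist:
            directives.append(line)
        elif line.startswith("=") and line.endswith("="):
            # "===== <command> =====" opens a cmd section; any other banner ends it.
            title = line.strip("= ")
            wanted = [d[4:].strip() for d in directives if d.lower().startswith("cmd:")]
            current = title if title in wanted else None
            if current is not None:
                cmds[current] = []
        elif current is not None:
            cmds[current].append(line)
        elif " => " in line:                # registry step: <key> => <status>
            target, _, status = line.rpartition(" => ")
            registry.append((target.strip('"'), status))
    return directives, registry, cmds


def suggest_fix(command):
    """Return the command with a near-miss netsh scope keyword corrected, else None."""
    tokens = command.split()
    lowered = [t.lower() for t in tokens]
    if (len(tokens) < 4 or lowered[:3] != ["netsh", "advfirewall", "set"]
            or lowered[3] in NETSH_SET_SCOPES):
        return None
    match = difflib.get_close_matches(lowered[3], NETSH_SET_SCOPES, n=1, cutoff=0.8)
    return " ".join(tokens[:3] + match + tokens[4:]) if match else None


def review(fixlog):
    """List every fixlist step that did not take effect: (kind, item, status, hint)."""
    _, registry, cmds = parse_fixlog(fixlog)
    findings = [("registry", k, s, None) for k, s in registry if "successfully" not in s]
    for command, output in cmds.items():
        if any(marker in line for line in output for marker in FAILURE_MARKERS):
            findings.append(("cmd", command, output[0], suggest_fix(command)))
    return findings


if __name__ == "__main__":
    for finding in review(FIXLOG):
        print(finding)
```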

25.03.2016, 13:52   #15
burningice
/// Malwareteam

Please enable your firewall.

The logs from your computer now look clean to me: congratulations - you are clean



Finally, we need to tidy up a bit, and I'll give you a few pointers to take with you:

Important: removing the tools used
The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.

You can leave Malwarebytes Anti-Malware and ESET on the computer as a supplement to your existing antivirus solution and scan your computer with them regularly.


Personal recommendations
The most important things first:
  • Be sure to enable automatic Windows updates and also make sure that they are installed regularly.
  • Always enable a firewall - the one built into Windows is entirely sufficient for this.
  • Always use an antivirus program and make sure that it updates itself regularly.

    If you don't want to spend money, I recommend simply using Defender on Windows 8.1 or Windows 10. If you are still using Windows 7, use Microsoft Security Essentials as a free solution.

    If somewhat better protection with behaviour detection is worth something to you, so that ideally even brand-new malware is detected, I recommend one of the following two solutions:


Protection against unwanted software
Adware has become a kind of permanent threat, because more and more programs try to slip you something else during installation - and how quickly can one overlook a checkbox?

So: be careful when you download software from the internet! Many portals on the internet, such as Chip, Softonic and Sourceforge, frequently try to foist adware or other downloaders with unwanted programs on you. Whenever possible, download directly from the manufacturer's site or alternatively from a clean download portal, such as FilePony.de.
Also read the following article on this: CHIP-Installer - was ist das? - Anleitungen

Even if you have downloaded a program from a reputable source, that is no guarantee that the program won't try to make unwanted changes to your computer after all. More and more programs try to smuggle unwanted programs onto your PC through modified installation routines. Unfortunately this often works, because many users don't read what is on the screen and instead click through quickly.
Therefore: when you install a program, always choose the custom installation and look at what you are actually approving with a click on "Ok" or "Weiter" (Next) - untick the boxes for things you don't want. Those who can read have a clear advantage!

Don't use optimizers, cleaners or other speed-up miracles, as these tools almost never bring even a measurable performance gain.
You can, however, regularly run Disk Cleanup on your PC; that way you reclaim used disk space.

Enable "protection against potentially unwanted software" in your antivirus solution to protect yourself as well as possible.

Good trick: if you use the free Windows Defender (from Windows 8 onwards), you can also get comparable protection through a little trick! Read the following article to find out more: Windows mit verstecktem Adware-Killer
To activate this "trick", just download this file and run it: MpEnablePlus.reg

Tips for making your system more secure
Always keep your plug-ins and software, especially your browser, up to date. If possible, uninstall Java and Adobe Flash Player from your computer. These days you almost never need them any more, so they only represent an unnecessary security hole on your computer. If you absolutely do need them, though, be sure to keep them up to date.

Furthermore, you can install Malwarebytes Anti-Exploit. It protects against many current vulnerabilities and thus increases your security.

Passwords
Change your passwords regularly! You also have to use secure passwords, which means: at least 8 characters, upper- and lower-case letters and special characters.
Very important: use a different password for each account!
Tip: use a saying that you can easily remember as an aid for a password! For example: Der Himmel ist blau und wenn es regnet?-grau ==> DHibuwer?-grau


Support us and recommend us

Do you know friends and acquaintances who have problems with their computer? Send them to us at the Trojaner Board, we are happy to help

If you would like to support us with a donation, we would be very pleased, and you can do so here: http://www.trojaner-board.de/79994-s...ndenkonto.html Many thanks for that

We do this work here voluntarily, so I am especially pleased about a short thank-you if you were satisfied with me, or otherwise about suggestions for improvement - you are welcome to do that here

Visit and like our Facebook page!


Thank you for your cooperation and all the best!

Please let me know when you have read all of this and have no further questions.
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~

