Virenmeldung von Reimage bei Versuch dll Dateinen zu reparieren

NH71 · 11.05.2017, 16:39

Code:

ATTFilter


	Code: 

 ATTFilter

  
	Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Sarah (11-05-2017 17:28:32)
Running from C:\Users\Sarah\Desktop
Windows 8.1 (Update) (X64) (2015-05-28 19:21:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1580146942-300429447-1193542625-500 - Administrator - Disabled)
Guest (S-1-5-21-1580146942-300429447-1193542625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1580146942-300429447-1193542625-1008 - Limited - Enabled)
papa admin (S-1-5-21-1580146942-300429447-1193542625-1006 - Administrator - Enabled) => C:\Users\papa admin
Sarah (S-1-5-21-1580146942-300429447-1193542625-1001 - Administrator - Enabled) => C:\Users\Sarah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Abenteuer auf dem Reiterhof - Die wilden Mustangs (HKLM-x32\...\{F715F7A4-67BA-11DD-93EF-B74D56D89593}) (Version: 1.00.0000 - Phoenix Interactive)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alicia (HKLM-x32\...\Alicia) (Version: 1.0.0.0 - NtreevSoft)
AMD Catalyst Install Manager (HKLM\...\{2A570AD7-943C-944A-262B-4794578E8E33}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA - Gothic 4 (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version:  - Nordic Games GmbH)
ArtRage Studio (HKLM-x32\...\{A35086FB-486A-47FB-8D29-92A7DA63B0D2}) (Version: 3.5.12 - Ambient Design)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Desktopicon amazon.de (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.36.024017 - Electronic Arts Inc.)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
FireAlpaca 1.4.1 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.4.1 - firealpaca.com)
flockmod tablet edition (HKLM-x32\...\flockmod-air-tablet-ed) (Version: 1.4.0 - UNKNOWN)
flockmod tablet edition (x32 Version: 1.4.0 - UNKNOWN) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Frets On Fire (HKLM-x32\...\Frets on Fire) (Version: 1.3.110-win32 - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\195fa74437467f40) (Version: 2.3.4.0 - AVM Berlin)
Gameforge Live 2.0.11 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.11 - Gameforge)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.1.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Horse Life (HKLM-x32\...\Horse Life_is1) (Version:  - )
ICA (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{694000a5-c594-49d2-b6e4-ef3960120b0f}) (Version: 17.1.0 - Intel Corporation)
IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
Krita Desktop (x64) 2.9.7.6 (HKLM\...\{4A62AB27-ED63-4A93-B708-05440FCE4298}) (Version: 2.9.7.6 - Krita Foundation)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio Debut 4.0 (HKLM-x32\...\Manga Studio Debut 4.0) (Version:  - )
Maple 18 (HKLM\...\Maple 18) (Version: 18 - Maplesoft)
MediBang Paint Pro 8.0 (32-bit) (HKLM-x32\...\MediBang Paint Pro_is1) (Version: 8.0 - Medibang)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 de)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 de) (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.8.36918 - Electronic Arts, Inc.)
PaintTool SAI version 1.2.0 (HKLM-x32\...\{53BB7213-AC5D-4437-968B-46EA40684B6C}_is1) (Version: 1.2.0 - SystemaxJP, Inc.)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.49.1796.3 - Hi-Rez Studios)
PSPPContent (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPro64 (Version: 14.2.0.1 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.014 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7363 - Realtek Semiconductor Corp.)
Riding Club Championships (HKLM\...\Steam App 509420) (Version:  - Artplant)
Riding Star 2 (Nur Entfernen) (HKLM-x32\...\Riding Star 2) (Version:  - )
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 14.2.0.1 - Ihr Firmenname) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lost Crown version 1.2.1 (HKLM-x32\...\The Lost Crown_is1) (Version: 1.2.1 - Darkling Room)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
True Color (HKLM-x32\...\{55c734b2-fcff-447e-81cc-a6f04ebf09fc}) (Version: 6.0.0.6 - Entertainment Experience)
True Color (Version: 6.0.0.6 - Entertainment Experience LLC) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Twin Saga DE (HKLM-x32\...\Twin Saga DE) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {065423C8-4C1E-404F-B289-CC86213E4D01} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {11C3C4D3-DC00-4547-950E-2536F7ECE2D8} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {2ECB42B9-FEA1-4283-B18B-602D7DA0E877} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {5F23B762-A73E-4865-94C1-4E58C32EC91C} - System32\Tasks\SafeZone scheduled Autoupdate 1454690922 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {5F6BC444-6BC6-424B-B938-1A441E8694AF} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {636B698E-4B0C-4650-9B9C-06DA0A8462C9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {65C95D87-1454-4473-8B4A-657217D5DD1C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {8BA883E6-FDCC-445C-BE73-14CD04CA3E68} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {A3D84FAD-53ED-44C3-AA71-3CD86A8CB035} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {B070CC6E-9810-4BAD-BE95-6486924FE772} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D7CFB08F-EBBF-4816-BAF0-D6124AAB693B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {DBDA5509-DBAE-4E96-8DCC-9D62022CF324} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E3CC9D1D-44A1-414C-A049-24B4B01DA473} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {E569C4CC-4038-4043-8CA8-47FFCC30996B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-07] (AVAST Software)
Task: {F570011B-15A6-4380-ADBE-E7BF5C4A9AD8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe 
Task: {F96500E8-CDE3-4559-8F0F-252DF06BED69} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {F97C46B5-6CA0-439C-B4FA-35E33C5D3E5C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {FA976113-C614-4E7C-BDE9-7082F311258B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-28] (AVAST Software)
Task: {FBF17B45-EC2A-457D-9EC6-0C1E5C66B9F0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {FDB6D4E0-3370-422F-AC07-FCBA52BB1E8D} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2015-12-20] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-25 08:27 - 2014-12-25 08:27 - 00094160 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2015-06-25 08:53 - 2015-06-25 08:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2017-05-07 16:34 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-05-07 16:34 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-04-07 18:06 - 2014-04-07 18:06 - 00466944 _____ () C:\Windows\system32\DPPPlugin.dll
2015-03-23 23:33 - 2014-06-05 00:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-03-23 23:33 - 2014-06-05 00:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2015-03-23 23:33 - 2014-06-05 00:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-05-30 18:24 - 2014-05-21 18:14 - 01356568 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-03-23 22:16 - 2015-09-05 23:42 - 00395880 _____ () C:\Windows\system32\igfxTray.exe
2015-12-05 15:14 - 2015-11-23 17:05 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2014-10-10 18:37 - 2014-10-10 18:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-07 15:51 - 2017-05-07 15:51 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1580146942-300429447-1193542625-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sarah\Pictures\Hintergründe\maxresdefault.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02AAD68B-13CC-4D77-8340-B339D32AFB61}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{541B55AB-6CE2-400A-BDC9-DF06DC366AFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C026F55B-14EB-482E-A196-6AF5CBEC49AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F7C3E72-31A4-4A97-A8D6-8167EB643F28}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{E059C0A7-990B-4EF8-8539-84BB8A51C979}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1EF03B25-08D9-4CB6-9619-52AABB4B494A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{20A990DC-7F27-4AC6-BC10-AEDE4227E78F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{C1904E5E-4D6F-49BE-8EE4-FA9CE6CFC3FE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CD5A63B8-42AA-43BD-80F0-E2FE9DFD9884}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{260BF685-D974-4319-B794-12210F812408}C:\program files (x86)\deep silver\horse life\autorun.exe] => (Block) C:\program files (x86)\deep silver\horse life\autorun.exe
FirewallRules: [UDP Query User{724E3C35-CBE4-43D5-950B-36E221ACD741}C:\program files (x86)\deep silver\horse life\autorun.exe] => (Block) C:\program files (x86)\deep silver\horse life\autorun.exe
FirewallRules: [TCP Query User{AE7020BB-E413-4488-9572-A6993109D250}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{85263735-F83F-466B-BE9F-1193D7FE4E3D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DB446EDB-492D-4010-A5B4-1BC0A12E9744}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0E40CC18-5A3D-4FFF-BB7C-DBED92F4C46F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{49BCABE9-BBA2-4AA1-ABA3-308B1A30121E}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [UDP Query User{024F5CF1-F807-4E1F-881D-B55F173ECE04}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [{27A218C9-474B-4668-89F0-D5BEE9515474}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DB1FDDA-1C3D-4C6E-82E3-984F080A7703}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0EBAF9A0-BEBB-42D8-800E-A46E82B0210E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{5563583E-B0E1-4188-830C-B798FEDF45CA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{41A089A7-E9EA-4564-BFE4-03A7995B0357}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1D0FB206-644F-4B01-ABB4-D1350F0D2112}] => (Allow) LPort=2869
FirewallRules: [{8020E7F3-FD7D-40B5-B7CA-4439289B05EC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{C896C8BC-D1A6-4632-B18C-00078EF405D4}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{F4BB8DEA-260E-4454-90BC-5FDBD9ADB50F}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{1590CDAC-8EC9-4CFA-AC9E-15F70E25A30B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1AA54BB8-B927-47C8-9699-73B1AEB31E2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0D04F30F-45BE-4412-8960-EA6437D665AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D24B2139-06AF-4683-B6A6-1A7F17964629}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B7DD02DD-E4EB-406F-96D8-69869AF2CDE7}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E1F71C50-7E88-4FBD-ACB6-55839DF1CFBF}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{326A3BF7-966F-4F52-AD24-9594811C72A3}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{F16AC08F-87B6-4633-A746-0D59DFCF2D1A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{C625C9A3-EC0A-42BF-9CF8-EDDE152C13F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [{84B93C6F-62E1-40E4-B87A-655AF9BAAF78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [TCP Query User{772A04BD-FFE3-487B-9184-2D8E2495F519}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{B0665C13-43E9-4FA6-A730-614E522B6E21}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{8F62C283-EF42-4F47-B107-589AF53EBDA4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9534CDF9-B24D-40B2-B6A2-9AC433956D38}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{841DC423-8D1D-4AF2-9D4A-5CB316E9E09C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{A1D21670-23E6-47DD-AB5C-993C5B873CE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [TCP Query User{59EA195C-58B6-49E8-841D-B4C355BDD79D}C:\program files\maple 18\jre\bin\maple.exe] => (Block) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [UDP Query User{D713203F-5654-4F45-827B-380CB0857234}C:\program files\maple 18\jre\bin\maple.exe] => (Block) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [TCP Query User{600161C9-CD03-494D-9AE7-B52F5DCF5984}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{12D44C1E-FE3A-4DFE-820F-607EA23A4618}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D4F8382E-C667-46FA-B85E-A21A20A1DD12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{5432DDA0-7AAD-4C0A-857F-881B53E987C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{BF06EF00-6963-4438-A0B8-C0FE91876996}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{147D5682-530E-4A94-8440-969C43FE1D20}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [TCP Query User{109497A3-4868-4C6F-9BE1-28D8249EDFD7}C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe] => (Block) C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{87312F97-97A9-45F6-9A08-FB44734D3C1C}C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe] => (Block) C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{A4473DE0-E065-4D09-AE4D-A02FB0190E7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1AAEF791-6AB9-4A28-8506-9BF5F428D673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1ED98C21-CCC8-436B-8389-1EE29EE6BD6E}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{24905A95-7A6F-4688-AD3D-5F14441A06D8}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [UDP Query User{9FEF3DAB-8700-4A09-ACA6-8BAF7CC07939}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [TCP Query User{AEA3CF56-BCE4-483E-965E-5AECB2E5F3B7}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [UDP Query User{7921F6FA-F432-4513-8E52-61080DA2C32A}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [{530EF970-50EE-46A7-9D37-06054DAADD99}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{95E240C1-383D-4E8C-84F8-D62CC5865FF6}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{F67BEDFD-6F4D-4C5D-8151-9D4CDAA1C4FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RidingClubChampionships\rcc.exe
FirewallRules: [{54C37421-867D-462F-8FA0-957FF04F86F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RidingClubChampionships\rcc.exe
FirewallRules: [{DC8D09E5-3878-49B9-A84F-45CF10A5D4B4}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{96777B42-7D8A-4E60-B6EB-A3580A2612A7}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{5758B12D-7421-46A4-AF1F-1335AAF08A5C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7C9AE3E-D680-4FB7-9DAE-AA8CF6F1F4FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BCCFE84F-72C2-4F6D-9A94-53D78E77AEBA}] => (Allow) C:\AeriaGames\TwinSaga-DE\game.bin
FirewallRules: [{8FE71C08-C6B7-4EE8-95CA-62141112483A}] => (Allow) C:\AeriaGames\TwinSaga-DE\game.bin
FirewallRules: [TCP Query User{80C64DF3-A288-4721-A24F-942514B2766B}C:\users\sarah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sarah\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E087CF16-BF43-4085-A986-B42AEF455D75}C:\users\sarah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sarah\appdata\local\akamai\netsession_win.exe
FirewallRules: [{CD175CDD-5D8B-4E22-8315-40F79F92E45A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{FA1FCF40-0F76-435A-ABF4-EDA0E19DA96A}] => (Allow) C:\Users\Sarah\AppData\Local\Gametree\Alicia\Alicia.exe
FirewallRules: [{3C893A62-2A4C-4810-B38A-8968168A4946}] => (Allow) C:\Users\Sarah\AppData\Local\Gametree\Alicia\Alicia.exe
FirewallRules: [{541F72FB-2CCE-4A2D-B640-6DCBB2754A3C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe

==================== Restore Points =========================

01-04-2017 13:10:19 Installiert Blade & Soul
23-04-2017 15:34:21 Installed CLIP STUDIO PAINT
04-05-2017 16:11:48 Removed Hi-Rez Studios Games
07-05-2017 16:13:29 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2017 06:55:26 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/10/2017 06:55:25 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/10/2017 06:54:37 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Vom Ereignisanbieter "IntelWLANEventProvider" wurde versucht, die Abfrage "select * from CIntelQosEvent" zu registrieren, deren Zielklasse "CIntelQosEvent" im Namespace "//./root/default" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (05/10/2017 06:54:37 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Vom Ereignisanbieter "IntelWLANEventProvider" wurde versucht, die Abfrage "select * from CIntelDot1xEvent" zu registrieren, deren Zielklasse "CIntelDot1xEvent" im Namespace "//./root/default" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (05/10/2017 06:54:37 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Vom Ereignisanbieter "IntelWLANEventProvider" wurde versucht, die Abfrage "select * from CIntelWLANEvent" zu registrieren, deren Zielklasse "CIntelWLANEvent" im Namespace "//./root/default" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (05/07/2017 04:57:58 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: Event-ID 4

Error: (05/07/2017 04:52:28 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: Event-ID 4

Error: (05/07/2017 04:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MRT.exe, Version: 5.47.13703.0, Zeitstempel: 0x58dec9f9
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.18202, Zeitstempel: 0x569e6ee3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003a02f
ID des fehlerhaften Prozesses: 0xa60
Startzeit der fehlerhaften Anwendung: 0x01d2c73ac67c29b7
Pfad der fehlerhaften Anwendung: C:\Windows\system32\MRT.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\combase.dll
Berichtskennung: 4efe9529-332e-11e7-8289-f406692ad0b8
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/07/2017 02:58:07 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/07/2017 02:58:07 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>


System errors:
=============
Error: (05/10/2017 08:21:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (05/07/2017 04:47:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (05/07/2017 04:47:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/07/2017 04:47:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (05/07/2017 04:40:59 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1580146942-300429447-1193542625-1001-05072017164058215-ntuser.dat

Error: (05/07/2017 04:35:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1580146942-300429447-1193542625-1001-05072017163550767-ntuser.dat

Error: (05/07/2017 04:29:37 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat.

Error: (05/07/2017 04:29:32 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: Der Ereignisprotokollierungsdienst hat beim Aktivieren des Herausgebers "{0BF2FB94-7B60-4B4D-9766-E82F658DF540}" für den Kanal "Microsoft-Windows-Kernel-ShimEngine/Operational" einen Fehler (5) erkannt. Dieser Fehler hat keinen Einfluss auf den Betrieb des Kanals, beeinträchtigt jedoch die Fähigkeit des Herausgebers, Ereignisse für den Kanal auszulösen. Dieser Fehler ist oft darauf zurückzuführen, dass der Anbieter die ETW-Anbietersicherheit verwendet und der Ereignisprotokoll-Dienstidentität keine Berechtigungen zum Aktivieren gewährt hat.

Error: (05/07/2017 04:29:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (05/07/2017 04:29:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


CodeIntegrity:
===================================
  Date: 2017-05-07 16:46:31.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 16:27:47.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 15:53:02.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 15:43:05.362
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-04 15:51:29.729
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-24 20:21:02.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-24 14:34:19.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-15 19:49:17.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-29 21:20:06.496
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-07 19:43:34.696
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 8106.45 MB
Available physical RAM: 4766.56 MB
Total Virtual: 9514.45 MB
Available Virtual: 5747.95 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.94 GB) (Free:681.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4C1244D)

Partition: GPT.

==================== End of Addition.txt ============================

M-K-D-B · 12.05.2017, 19:57

Servus,

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3

Starte die FRST erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

NH71 · 13.05.2017, 11:12

Halllo
hier die logs
allerdings war der Ordner C:\Users\Sarah\Desktop\OCS ein Bilderordner meiner Tochter.
Zum Glück hab ich die Bilder noch mal gesichert sonst

Code:

ATTFilter

# AdwCleaner v6.046 - Logfile created 13/05/2017 at 11:42:57
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-13.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Sarah - VOLTRON
# Running from : C:\Users\Sarah\Desktop\AdwCleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\ProgramData\1a2701f1-08ac-499a-ba47-c19343438992
Folder Found:  C:\Users\Sarah\AppData\Roaming\RPEng
Folder Found:  C:\Users\Sarah\Desktop\OCS
Folder Found:  C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Folder Found:  C:\Program Files (x86)\Common Files\freemake shared
Folder Found:  C:\Users\Sarah\AppData\Roaming\DESKTOPICONAMAZON


***** [ Files ] *****

File Found:  C:\END


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1362 Bytes] - [13/05/2017 11:42:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1435 Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64 
Ran by Sarah (Administrator) on 13.05.2017 at 11:56:18,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5 

Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Windows\wininit.ini (File) 



Registry: 3 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE2D51EB-E462-42F5-A030-43CE9D89FDAB} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.05.2017 at 11:57:37,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Sarah (administrator) on VOLTRON (13-05-2017 12:01:46)
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah (Available Profiles: Sarah & papa admin)
Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5793048 2014-10-09] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-12-25] (Entertainment Experience)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-07] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [BingSvc] => C:\Users\Sarah\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-14] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\AVMAutoStart.exe [139264 2016-08-10] (AVM Berlin)
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
IFEO\dbr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-07] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-07] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{331A6852-0CBF-42D8-9E76-4BB3CA3CA8D8}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{5C9DF708-73E2-4972-BA87-1E44E7C6796C}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{EA91ADD8-9523-4152-A050-F67FE6AD29DA}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1580146942-300429447-1193542625-1001 -> DefaultScope {AE2D51EB-E462-42F5-A030-43CE9D89FDAB} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-07] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-07] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF DefaultProfile: 1u1psced.default
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default [2017-05-13]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\1u1psced.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1u1psced.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\1u1psced.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\1u1psced.default -> hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Extension: (Avast SafePrice) - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default\Extensions\sp@avast.com.xpi [2017-05-07]
FF Extension: (Avast Online Security) - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default\Extensions\wrc@avast.com.xpi [2017-05-07]
FF Extension: (Adblock Plus) - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1580146942-300429447-1193542625-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-07] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-05-07] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-25] (BitRaider, LLC)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-05-04] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-03-28] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-26] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-05] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-10-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7986816 2016-11-06] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-29] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-29] (Electronic Arts)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2014-12-25] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635672 2014-05-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2016-06-04] () [File not signed]
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-07] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-07] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507928 2017-05-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-07] (AVAST Software)
R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2016-04-02] (AVM Berlin)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-07-28] (BitRaider)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-12-24] ()
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-26] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2015-03-09] (Intel Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 11:59 - 2017-05-13 11:59 - 00001518 _____ C:\Users\Sarah\Desktop\AdwCleaner[S0].txt
2017-05-13 11:57 - 2017-05-13 11:57 - 00001319 _____ C:\Users\Sarah\Desktop\JRT.txt
2017-05-13 11:53 - 2017-05-13 11:53 - 01663672 _____ (Malwarebytes) C:\Users\Sarah\Desktop\JRT.exe
2017-05-13 11:52 - 2017-05-13 11:52 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-13 11:35 - 2017-05-13 11:59 - 00000000 ____D C:\AdwCleaner
2017-05-13 11:33 - 2017-05-13 11:33 - 04102600 _____ C:\Users\Sarah\Desktop\AdwCleaner_6.046.exe
2017-05-12 20:37 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-12 20:37 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-12 11:58 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-12 11:58 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-12 11:58 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-12 11:58 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-11 17:46 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-11 17:46 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-11 17:46 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-11 17:46 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-11 17:46 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-11 17:46 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-11 17:46 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-11 17:46 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-11 17:46 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-11 17:46 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-11 17:46 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-11 17:46 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-11 17:46 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-11 17:46 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-11 17:46 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-11 17:46 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-11 17:46 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-11 17:46 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-11 17:46 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-11 17:46 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-11 17:46 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-11 17:46 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-11 17:46 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-11 17:46 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-11 17:46 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-11 17:46 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-11 17:46 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-11 17:46 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-11 17:46 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-11 17:46 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-11 17:46 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-11 17:46 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-11 17:46 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-11 17:46 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-11 17:46 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-11 17:46 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-11 17:46 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-11 17:46 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-11 17:46 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-11 17:46 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-11 17:46 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-11 17:46 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-11 17:46 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-11 17:46 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-11 17:46 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-11 17:46 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-11 17:46 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-11 17:46 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-11 17:46 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-11 17:46 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-11 17:46 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-11 17:46 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-11 17:46 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-11 17:46 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-11 17:46 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-11 17:46 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-11 17:46 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-11 17:46 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-11 17:46 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-11 17:46 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-11 17:46 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-11 17:46 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-11 17:46 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-11 17:46 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-11 17:46 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-11 17:46 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-11 17:46 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-11 17:46 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-11 17:46 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-11 17:46 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-11 17:46 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-11 17:46 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-11 17:46 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-11 17:46 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-11 17:46 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-11 17:46 - 2017-03-11 01:38 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-11 17:46 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-11 17:46 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-11 17:46 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-11 17:27 - 2017-05-13 12:02 - 00018656 _____ C:\Users\Sarah\Desktop\FRST.txt
2017-05-11 17:26 - 2017-05-13 12:01 - 00000000 ____D C:\FRST
2017-05-11 17:25 - 2017-05-11 17:25 - 02429440 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2017-05-10 18:50 - 2017-05-07 16:44 - 00003094 _____ C:\Users\Public\Documents\MWBT.txt
2017-05-07 16:44 - 2017-05-07 16:44 - 00003094 _____ C:\Users\Sarah\Desktop\MWBT.txt
2017-05-07 16:35 - 2017-05-13 11:48 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-07 16:35 - 2017-05-13 11:48 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-07 16:35 - 2017-05-07 16:35 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-07 16:34 - 2017-05-13 11:48 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-07 16:34 - 2017-05-13 11:48 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-07 16:34 - 2017-05-07 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-07 16:34 - 2017-05-07 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-07 16:34 - 2017-05-07 16:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-07 16:34 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-07 16:33 - 2017-05-07 16:33 - 60107896 _____ (Malwarebytes ) C:\Users\Sarah\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-07 16:31 - 2017-05-07 16:32 - 08246426 _____ C:\Users\Sarah\Downloads\mbam-mac-1.2.6.730.dmg
2017-05-07 16:13 - 2017-02-23 16:50 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-05-07 16:13 - 2017-02-22 16:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-05-07 16:13 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-05-07 16:13 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-05-07 16:13 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2017-05-07 16:13 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-05-07 16:13 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-05-07 16:13 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2017-05-07 16:13 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-05-07 16:13 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-05-07 16:13 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-05-07 16:13 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-05-07 16:13 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2017-05-07 16:13 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2017-05-07 16:13 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2017-05-07 16:13 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-05-07 16:13 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-05-07 16:13 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2017-05-07 16:13 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2017-05-07 16:13 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-05-07 16:13 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2017-05-07 16:13 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2017-05-07 16:13 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-05-07 16:13 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-05-07 16:13 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2017-05-07 16:13 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-05-07 16:13 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-05-07 16:13 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2017-05-07 16:13 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2017-05-07 16:13 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2017-05-07 16:13 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2017-05-07 16:13 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2017-05-07 16:13 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2017-05-07 16:12 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-07 16:12 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-07 16:12 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-07 16:12 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-07 16:12 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-07 16:12 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-07 16:12 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2017-05-07 16:12 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2017-05-07 16:12 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2017-05-07 15:58 - 2016-10-20 15:14 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-05-07 15:58 - 2016-10-20 15:10 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-05-07 15:51 - 2017-05-07 15:51 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-07 15:37 - 2017-05-07 15:37 - 00000000 ____D C:\Users\Sarah\AppData\LocalLow\Temp
2017-05-05 09:35 - 2017-05-05 09:35 - 00000900 _____ C:\Users\Sarah\Documents\Bilder - Verknüpfung.lnk
2017-05-04 16:17 - 2017-05-04 16:17 - 00002040 _____ C:\Users\Public\Desktop\Paladins.lnk
2017-05-04 16:16 - 2017-05-04 16:17 - 75162992 _____ (Hi-Rez Studios) C:\Users\Sarah\Downloads\InstallPaladins.exe
2017-05-04 16:16 - 2017-05-04 16:16 - 00000000 __HDC C:\ProgramData\{6E35203C-6E98-4378-8362-112CFE55C2C1}
2017-05-04 16:16 - 2017-05-04 16:16 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-05-04 16:12 - 2017-05-04 16:17 - 00002047 _____ C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2017-05-04 16:12 - 2017-05-04 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-05-04 15:33 - 2017-05-04 15:33 - 00000000 ____D C:\Users\Sarah\AppData\Local\HirezLauncherUI
2017-05-04 15:30 - 2017-05-04 15:01 - 00382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 11:57 - 2016-11-18 19:55 - 00000000 ____D C:\Users\Sarah\AppData\LocalLow\Mozilla
2017-05-13 11:53 - 2014-04-23 18:08 - 00764460 _____ C:\Windows\system32\perfh007.dat
2017-05-13 11:53 - 2014-04-23 18:08 - 00159570 _____ C:\Windows\system32\perfc007.dat
2017-05-13 11:53 - 2014-03-18 11:53 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-13 11:53 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-13 11:49 - 2015-05-28 21:28 - 00000000 ___RD C:\Users\Sarah\OneDrive
2017-05-13 11:49 - 2015-05-28 21:21 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-13 11:49 - 2015-05-28 21:21 - 00000000 __SHD C:\Users\Sarah\IntelGraphicsProfiles
2017-05-13 11:48 - 2016-01-27 15:27 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-13 11:47 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-13 11:47 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-05-13 11:46 - 2015-03-23 23:30 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-05-13 11:44 - 2015-06-13 20:07 - 00000000 ____D C:\Users\Sarah\Desktop\fertige Zeichnungen
2017-05-13 09:12 - 2016-04-02 14:01 - 00000000 ____D C:\Users\Sarah\AppData\Local\Deployment
2017-05-12 21:43 - 2015-05-30 21:15 - 00000000 ____D C:\Users\Sarah\Desktop\WIP oder only AP
2017-05-12 20:43 - 2015-07-24 13:58 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 20:35 - 2013-08-22 16:44 - 00451544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-12 18:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-12 18:10 - 2015-06-02 14:25 - 00000000 ____D C:\Windows\system32\MRT
2017-05-12 18:08 - 2015-06-02 14:25 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-12 18:07 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-12 18:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-05-12 12:06 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-11 17:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 17:28 - 2017-03-17 16:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-11 17:28 - 2015-08-01 16:40 - 00000000 ____D C:\ProgramData\Skype
2017-05-10 19:07 - 2015-05-28 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1580146942-300429447-1193542625-1001
2017-05-10 18:52 - 2015-10-18 12:02 - 00004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-07 16:25 - 2015-06-02 14:34 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-07 16:25 - 2015-03-23 23:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-07 16:25 - 2014-03-18 11:38 - 00000000 ____D C:\Windows\ShellNew
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-07 16:25 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\oobe
2017-05-07 15:54 - 2016-02-05 18:48 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1454690922
2017-05-07 15:54 - 2016-02-05 18:48 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-07 15:51 - 2017-03-24 21:19 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-07 15:51 - 2015-07-24 13:58 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-07 15:50 - 2016-02-05 18:46 - 00507928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-05-07 15:50 - 2015-07-24 13:58 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-07 15:50 - 2015-07-24 13:58 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-07 15:43 - 2016-11-18 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-07 15:43 - 2015-05-29 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-07 15:41 - 2015-06-07 13:56 - 00000419 _____ C:\Windows\BRWMARK.INI
2017-05-07 15:41 - 2015-06-07 13:56 - 00000027 _____ C:\Windows\BRPP2KA.INI
2017-05-05 22:40 - 2015-12-20 17:18 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-05 19:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-04 16:49 - 2016-01-27 15:43 - 00000000 ____D C:\Users\Sarah\Documents\My Games
2017-05-04 16:49 - 2016-01-27 15:27 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-05-04 16:15 - 2015-07-21 15:08 - 00000000 ____D C:\Users\Sarah\AppData\Local\CrashDumps
2017-05-04 16:12 - 2015-03-23 23:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-04 10:17 - 2015-07-12 09:34 - 00000000 ____D C:\Users\Sarah\Desktop\Schulkram
2017-05-02 17:15 - 2015-11-14 12:06 - 00000000 ____D C:\Users\Sarah\.maplesoft
2017-05-02 16:49 - 2015-12-20 11:20 - 00000000 ____D C:\Users\Sarah\Desktop\Maple Dateien
2017-05-02 15:23 - 2015-03-23 23:30 - 00000000 ____D C:\ProgramData\PCDr
2017-05-02 12:34 - 2015-05-28 21:20 - 00000000 ____D C:\Users\Sarah
2017-04-29 17:04 - 2015-06-03 16:10 - 00000000 ____D C:\ProgramData\Origin
2017-04-29 15:52 - 2015-06-03 16:10 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Origin
2017-04-29 15:52 - 2015-06-03 16:10 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-29 15:50 - 2016-05-01 19:25 - 00001267 _____ C:\Users\Sarah\Desktop\nativelog.txt
2017-04-29 15:40 - 2015-05-29 14:32 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\.minecraft
2017-04-29 15:29 - 2015-06-03 16:46 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-29 12:20 - 2015-03-23 23:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-04-29 12:18 - 2015-05-29 17:53 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\PCDr

==================== Files in the root of some directories =======

2016-01-15 16:34 - 2016-01-15 16:34 - 0005056 _____ () C:\Users\Sarah\AppData\Roaming\.minecraft - Verknüpfung.lnk
2017-01-10 16:06 - 2017-01-10 16:06 - 0005102 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2015-03-23 22:54 - 2015-03-23 22:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-12-27 19:16 - 2016-12-28 20:31 - 0000080 _____ () C:\Users\Sarah\AppData\Local\Temp\549d62c83689e6d3d2f1936c5946ee10.dll
2016-12-27 19:15 - 2016-12-27 19:15 - 0000512 _____ () C:\Users\Sarah\AppData\Local\Temp\8bd736a35b2b87b4ded8f9a160edae17.dll
2015-11-14 12:15 - 2015-11-14 12:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\BingSvc.exe
2015-08-01 16:51 - 2015-11-14 12:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\BSvcProcessor.exe
2015-08-01 16:51 - 2015-11-14 12:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\BSvcUpdater.exe
2016-04-15 15:57 - 2016-04-15 15:57 - 0000512 _____ () C:\Users\Sarah\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll
2016-04-15 15:57 - 2016-04-15 15:57 - 0000069 _____ () C:\Users\Sarah\AppData\Local\Temp\df9ea10e15964d6e6fe8764a0e4693d1.dll
2015-11-14 14:33 - 2016-12-22 18:28 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7400009.dll
2015-06-03 16:01 - 2015-06-03 16:01 - 20844712 _____ (Electronic Arts, Inc.) C:\Users\Sarah\AppData\Local\Temp\EADD2C3.exe
2015-09-18 17:06 - 2015-09-18 17:06 - 24506360 _____ (ArenaNet) C:\Users\Sarah\AppData\Local\Temp\Gw2.exe
2017-05-04 16:18 - 2017-04-17 17:36 - 0037376 _____ (Microsoft) C:\Users\Sarah\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2017-05-04 16:18 - 2017-04-17 14:23 - 0020480 _____ (Microsoft) C:\Users\Sarah\AppData\Local\Temp\HiRezLauncherControls.dll
2016-12-17 17:48 - 2016-12-17 17:48 - 37171128 _____ () C:\Users\Sarah\AppData\Local\Temp\InstallIMVU_529.0.exe
2015-07-24 13:30 - 2015-01-22 13:10 - 0098832 _____ (McAfee Inc.) C:\Users\Sarah\AppData\Local\Temp\mccspuninstall.exe
2015-05-30 18:12 - 2015-05-30 18:12 - 50284752 _____ (Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
2015-05-31 18:38 - 2010-08-13 06:57 - 0149352 ____R (Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\ose00000.exe
2015-05-31 19:22 - 2010-08-13 06:57 - 0149352 ____R (Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\ose00002.exe
2016-05-12 06:50 - 2016-05-12 06:51 - 11217920 _____ () C:\Users\Sarah\AppData\Local\Temp\SkypeSetup.exe
2009-03-28 23:08 - 2009-03-28 23:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Sarah\AppData\Local\Temp\UninstallEADM.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-23 17:14

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Sarah (13-05-2017 12:02:34)
Running from C:\Users\Sarah\Desktop
Windows 8.1 (Update) (X64) (2015-05-28 19:21:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1580146942-300429447-1193542625-500 - Administrator - Disabled)
Guest (S-1-5-21-1580146942-300429447-1193542625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1580146942-300429447-1193542625-1008 - Limited - Enabled)
papa admin (S-1-5-21-1580146942-300429447-1193542625-1006 - Administrator - Enabled) => C:\Users\papa admin
Sarah (S-1-5-21-1580146942-300429447-1193542625-1001 - Administrator - Enabled) => C:\Users\Sarah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Abenteuer auf dem Reiterhof - Die wilden Mustangs (HKLM-x32\...\{F715F7A4-67BA-11DD-93EF-B74D56D89593}) (Version: 1.00.0000 - Phoenix Interactive)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alicia (HKLM-x32\...\Alicia) (Version: 1.0.0.0 - NtreevSoft)
AMD Catalyst Install Manager (HKLM\...\{2A570AD7-943C-944A-262B-4794578E8E33}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA - Gothic 4 (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version:  - Nordic Games GmbH)
ArtRage Studio (HKLM-x32\...\{A35086FB-486A-47FB-8D29-92A7DA63B0D2}) (Version: 3.5.12 - Ambient Design)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.36.024017 - Electronic Arts Inc.)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
FireAlpaca 1.4.1 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.4.1 - firealpaca.com)
flockmod tablet edition (HKLM-x32\...\flockmod-air-tablet-ed) (Version: 1.4.0 - UNKNOWN)
flockmod tablet edition (x32 Version: 1.4.0 - UNKNOWN) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Frets On Fire (HKLM-x32\...\Frets on Fire) (Version: 1.3.110-win32 - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\195fa74437467f40) (Version: 2.3.4.0 - AVM Berlin)
Gameforge Live 2.0.11 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.11 - Gameforge)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.1.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Horse Life (HKLM-x32\...\Horse Life_is1) (Version:  - )
ICA (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{694000a5-c594-49d2-b6e4-ef3960120b0f}) (Version: 17.1.0 - Intel Corporation)
IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
Krita Desktop (x64) 2.9.7.6 (HKLM\...\{4A62AB27-ED63-4A93-B708-05440FCE4298}) (Version: 2.9.7.6 - Krita Foundation)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio Debut 4.0 (HKLM-x32\...\Manga Studio Debut 4.0) (Version:  - )
Maple 18 (HKLM\...\Maple 18) (Version: 18 - Maplesoft)
MediBang Paint Pro 8.0 (32-bit) (HKLM-x32\...\MediBang Paint Pro_is1) (Version: 8.0 - Medibang)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 de)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 de) (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.8.36918 - Electronic Arts, Inc.)
PaintTool SAI version 1.2.0 (HKLM-x32\...\{53BB7213-AC5D-4437-968B-46EA40684B6C}_is1) (Version: 1.2.0 - SystemaxJP, Inc.)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.49.1796.3 - Hi-Rez Studios)
PSPPContent (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPro64 (Version: 14.2.0.1 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.014 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7363 - Realtek Semiconductor Corp.)
Riding Club Championships (HKLM\...\Steam App 509420) (Version:  - Artplant)
Riding Star 2 (Nur Entfernen) (HKLM-x32\...\Riding Star 2) (Version:  - )
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 14.2.0.1 - Ihr Firmenname) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lost Crown version 1.2.1 (HKLM-x32\...\The Lost Crown_is1) (Version: 1.2.1 - Darkling Room)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
True Color (HKLM-x32\...\{55c734b2-fcff-447e-81cc-a6f04ebf09fc}) (Version: 6.0.0.6 - Entertainment Experience)
True Color (Version: 6.0.0.6 - Entertainment Experience LLC) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Twin Saga DE (HKLM-x32\...\Twin Saga DE) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {065423C8-4C1E-404F-B289-CC86213E4D01} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {11C3C4D3-DC00-4547-950E-2536F7ECE2D8} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {2ECB42B9-FEA1-4283-B18B-602D7DA0E877} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {5F23B762-A73E-4865-94C1-4E58C32EC91C} - System32\Tasks\SafeZone scheduled Autoupdate 1454690922 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {636B698E-4B0C-4650-9B9C-06DA0A8462C9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {65C95D87-1454-4473-8B4A-657217D5DD1C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {8BA883E6-FDCC-445C-BE73-14CD04CA3E68} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {A3D84FAD-53ED-44C3-AA71-3CD86A8CB035} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {B070CC6E-9810-4BAD-BE95-6486924FE772} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D7CFB08F-EBBF-4816-BAF0-D6124AAB693B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {DBDA5509-DBAE-4E96-8DCC-9D62022CF324} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E3CC9D1D-44A1-414C-A049-24B4B01DA473} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {E569C4CC-4038-4043-8CA8-47FFCC30996B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-07] (AVAST Software)
Task: {F96500E8-CDE3-4559-8F0F-252DF06BED69} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {F97C46B5-6CA0-439C-B4FA-35E33C5D3E5C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {FA976113-C614-4E7C-BDE9-7082F311258B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-28] (AVAST Software)
Task: {FDB6D4E0-3370-422F-AC07-FCBA52BB1E8D} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2015-12-20] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-07 18:06 - 2014-04-07 18:06 - 00466944 _____ () C:\Windows\system32\DPPPlugin.dll
2014-12-25 08:27 - 2014-12-25 08:27 - 00094160 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2015-06-25 08:53 - 2015-06-25 08:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2015-03-23 23:33 - 2014-06-05 00:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-03-23 23:33 - 2014-06-05 00:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2015-03-23 23:33 - 2014-06-05 00:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-07 15:51 - 2017-05-07 15:51 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2014-10-10 18:37 - 2014-10-10 18:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1580146942-300429447-1193542625-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sarah\Pictures\Hintergründe\maxresdefault.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02AAD68B-13CC-4D77-8340-B339D32AFB61}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{541B55AB-6CE2-400A-BDC9-DF06DC366AFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C026F55B-14EB-482E-A196-6AF5CBEC49AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F7C3E72-31A4-4A97-A8D6-8167EB643F28}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{E059C0A7-990B-4EF8-8539-84BB8A51C979}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1EF03B25-08D9-4CB6-9619-52AABB4B494A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{20A990DC-7F27-4AC6-BC10-AEDE4227E78F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{C1904E5E-4D6F-49BE-8EE4-FA9CE6CFC3FE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CD5A63B8-42AA-43BD-80F0-E2FE9DFD9884}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{260BF685-D974-4319-B794-12210F812408}C:\program files (x86)\deep silver\horse life\autorun.exe] => (Block) C:\program files (x86)\deep silver\horse life\autorun.exe
FirewallRules: [UDP Query User{724E3C35-CBE4-43D5-950B-36E221ACD741}C:\program files (x86)\deep silver\horse life\autorun.exe] => (Block) C:\program files (x86)\deep silver\horse life\autorun.exe
FirewallRules: [TCP Query User{AE7020BB-E413-4488-9572-A6993109D250}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{85263735-F83F-466B-BE9F-1193D7FE4E3D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DB446EDB-492D-4010-A5B4-1BC0A12E9744}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0E40CC18-5A3D-4FFF-BB7C-DBED92F4C46F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{49BCABE9-BBA2-4AA1-ABA3-308B1A30121E}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [UDP Query User{024F5CF1-F807-4E1F-881D-B55F173ECE04}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [{27A218C9-474B-4668-89F0-D5BEE9515474}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DB1FDDA-1C3D-4C6E-82E3-984F080A7703}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0EBAF9A0-BEBB-42D8-800E-A46E82B0210E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{5563583E-B0E1-4188-830C-B798FEDF45CA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{41A089A7-E9EA-4564-BFE4-03A7995B0357}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1D0FB206-644F-4B01-ABB4-D1350F0D2112}] => (Allow) LPort=2869
FirewallRules: [{8020E7F3-FD7D-40B5-B7CA-4439289B05EC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{C896C8BC-D1A6-4632-B18C-00078EF405D4}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{F4BB8DEA-260E-4454-90BC-5FDBD9ADB50F}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{1590CDAC-8EC9-4CFA-AC9E-15F70E25A30B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1AA54BB8-B927-47C8-9699-73B1AEB31E2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0D04F30F-45BE-4412-8960-EA6437D665AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D24B2139-06AF-4683-B6A6-1A7F17964629}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B7DD02DD-E4EB-406F-96D8-69869AF2CDE7}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E1F71C50-7E88-4FBD-ACB6-55839DF1CFBF}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{326A3BF7-966F-4F52-AD24-9594811C72A3}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{F16AC08F-87B6-4633-A746-0D59DFCF2D1A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{C625C9A3-EC0A-42BF-9CF8-EDDE152C13F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [{84B93C6F-62E1-40E4-B87A-655AF9BAAF78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [TCP Query User{772A04BD-FFE3-487B-9184-2D8E2495F519}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{B0665C13-43E9-4FA6-A730-614E522B6E21}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{8F62C283-EF42-4F47-B107-589AF53EBDA4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9534CDF9-B24D-40B2-B6A2-9AC433956D38}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{841DC423-8D1D-4AF2-9D4A-5CB316E9E09C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{A1D21670-23E6-47DD-AB5C-993C5B873CE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [TCP Query User{59EA195C-58B6-49E8-841D-B4C355BDD79D}C:\program files\maple 18\jre\bin\maple.exe] => (Block) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [UDP Query User{D713203F-5654-4F45-827B-380CB0857234}C:\program files\maple 18\jre\bin\maple.exe] => (Block) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [TCP Query User{600161C9-CD03-494D-9AE7-B52F5DCF5984}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{12D44C1E-FE3A-4DFE-820F-607EA23A4618}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D4F8382E-C667-46FA-B85E-A21A20A1DD12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{5432DDA0-7AAD-4C0A-857F-881B53E987C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{BF06EF00-6963-4438-A0B8-C0FE91876996}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{147D5682-530E-4A94-8440-969C43FE1D20}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [TCP Query User{109497A3-4868-4C6F-9BE1-28D8249EDFD7}C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe] => (Block) C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{87312F97-97A9-45F6-9A08-FB44734D3C1C}C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe] => (Block) C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{A4473DE0-E065-4D09-AE4D-A02FB0190E7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1AAEF791-6AB9-4A28-8506-9BF5F428D673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1ED98C21-CCC8-436B-8389-1EE29EE6BD6E}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{24905A95-7A6F-4688-AD3D-5F14441A06D8}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [UDP Query User{9FEF3DAB-8700-4A09-ACA6-8BAF7CC07939}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [TCP Query User{AEA3CF56-BCE4-483E-965E-5AECB2E5F3B7}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [UDP Query User{7921F6FA-F432-4513-8E52-61080DA2C32A}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [{530EF970-50EE-46A7-9D37-06054DAADD99}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{95E240C1-383D-4E8C-84F8-D62CC5865FF6}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{F67BEDFD-6F4D-4C5D-8151-9D4CDAA1C4FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RidingClubChampionships\rcc.exe
FirewallRules: [{54C37421-867D-462F-8FA0-957FF04F86F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RidingClubChampionships\rcc.exe
FirewallRules: [{DC8D09E5-3878-49B9-A84F-45CF10A5D4B4}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{96777B42-7D8A-4E60-B6EB-A3580A2612A7}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{5758B12D-7421-46A4-AF1F-1335AAF08A5C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7C9AE3E-D680-4FB7-9DAE-AA8CF6F1F4FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BCCFE84F-72C2-4F6D-9A94-53D78E77AEBA}] => (Allow) C:\AeriaGames\TwinSaga-DE\game.bin
FirewallRules: [{8FE71C08-C6B7-4EE8-95CA-62141112483A}] => (Allow) C:\AeriaGames\TwinSaga-DE\game.bin
FirewallRules: [TCP Query User{80C64DF3-A288-4721-A24F-942514B2766B}C:\users\sarah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sarah\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E087CF16-BF43-4085-A986-B42AEF455D75}C:\users\sarah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sarah\appdata\local\akamai\netsession_win.exe
FirewallRules: [{CD175CDD-5D8B-4E22-8315-40F79F92E45A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{FA1FCF40-0F76-435A-ABF4-EDA0E19DA96A}] => (Allow) C:\Users\Sarah\AppData\Local\Gametree\Alicia\Alicia.exe
FirewallRules: [{3C893A62-2A4C-4810-B38A-8968168A4946}] => (Allow) C:\Users\Sarah\AppData\Local\Gametree\Alicia\Alicia.exe
FirewallRules: [{541F72FB-2CCE-4A2D-B640-6DCBB2754A3C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe

==================== Restore Points =========================

23-04-2017 15:34:21 Installed CLIP STUDIO PAINT
04-05-2017 16:11:48 Removed Hi-Rez Studios Games
07-05-2017 16:13:29 Windows Update
12-05-2017 11:57:26 Windows Update
13-05-2017 11:56:22 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2017 09:14:50 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/13/2017 09:12:57 AM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: Event-ID 4

Error: (05/12/2017 08:39:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (05/12/2017 06:13:54 PM) (Source: TrueColorALS) (EventID: 4) (User: )
Description: Event-ID 4

Error: (05/12/2017 02:54:31 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/12/2017 02:54:31 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/11/2017 05:45:38 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/11/2017 05:45:37 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/10/2017 06:55:26 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>

Error: (05/10/2017 06:55:25 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[Das '/'-Zeichen, hexidezimaler Wert 0x2F, darf nicht in einem Namen enthalten sein.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   bei System.Xml.XmlDocument.CheckName(String name)
   bei System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   bei eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="JQV5X32" SMBIOSMajVer="2" SMBIOSMinVer="7" SMBIOSBIOSVer="A02" SMBIOSPresent="True" Rel_Date="20141204000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5548" Ident_Num="VOLTRON" TimeZone="(UTC+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien" OSName="Microsoft Windows 8.1"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.178.22</HostIP></Exception>


System errors:
=============
Error: (05/13/2017 11:49:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/13/2017 11:48:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (05/13/2017 11:48:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/13/2017 11:48:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (05/13/2017 11:46:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (05/13/2017 11:46:48 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Restart the service) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (05/13/2017 11:46:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WMI Performance Adapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.

Error: (05/13/2017 11:46:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/13/2017 11:46:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player Network Sharing Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Error: (05/13/2017 11:46:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel® ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-05-13 11:47:38.354
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-12 20:35:13.433
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 16:46:31.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 16:27:47.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 15:53:02.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 15:43:05.362
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-04 15:51:29.729
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-24 20:21:02.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-24 14:34:19.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-15 19:49:17.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8106.45 MB
Available physical RAM: 5730.73 MB
Total Virtual: 9514.45 MB
Available Virtual: 7017.03 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.94 GB) (Free:683.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4C1244D)

Partition: GPT.

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

M-K-D-B · 13.05.2017, 13:15

Servus,

Zitat:

# Mode: Scan

Leider hast du die falsche Logdatei gepostet. Ich benötige die Logdatei des Löschvorgangs, nicht des Suchlaufs. Einfach meine Anleitung nochmal durchlesen, da steht alles drinnen.

Bitte beachte:
Du sollst AdwCleaner nicht nochmal ausführen, sondern nur die richtige Logdatei posten.

NH71 · 13.05.2017, 13:23

sorry

Code:

ATTFilter

# AdwCleaner v6.046 - Logfile created 13/05/2017 at 11:46:39
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-13.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Sarah - VOLTRON
# Running from : C:\Users\Sarah\Desktop\AdwCleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\1a2701f1-08ac-499a-ba47-c19343438992
[-] Folder deleted: C:\Users\Sarah\AppData\Roaming\RPEng
[-] Folder deleted: C:\Users\Sarah\Desktop\OCS
[-] Folder deleted: C:\Program Files (x86)\Amazon\Amazon1ButtonApp
[-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared
[-] Folder deleted: C:\Users\Sarah\AppData\Roaming\DESKTOPICONAMAZON


***** [ Files ] *****

[-] File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: "Prefetch" files deleted
:: Proxy settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1364 Bytes] - [13/05/2017 11:46:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [1518 Bytes] - [13/05/2017 11:42:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1510 Bytes] ##########

M-K-D-B · 13.05.2017, 14:02

Servus,

wir entfernen noch ein bisschen was und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1

Kopiere den Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
CloseProcesses:
Task: {FDB6D4E0-3370-422F-AC07-FCBA52BB1E8D} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2015-12-20] () <==== ATTENTION
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
End::

Starte nun FRST und klicke den Entfernen Button.
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von HitmanPro,
die Logdatei von ESET,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

NH71 · 13.05.2017, 17:13

Hallo
beim ausführen von FRST gab es einen Bluescreen

https://www.flickr.com/photos/144873343@N08/shares/8650t5

das logfile wurde aber erstellt, trotzdem weiter machen mit Schritt 2 ?

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Sarah (13-05-2017 15:13:41) Run:1
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah (Available Profiles: Sarah & papa admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
Task: {FDB6D4E0-3370-422F-AC07-FCBA52BB1E8D} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2015-12-20] () <==== ATTENTION
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDB6D4E0-3370-422F-AC07-FCBA52BB1E8D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDB6D4E0-3370-422F-AC07-FCBA52BB1E8D} => key removed successfully
C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => key removed successfully

========= dir "%ProgramFiles%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\Program Files

07.05.2017  16:34    <DIR>          .
07.05.2017  16:34    <DIR>          ..
23.03.2015  23:27    <DIR>          AMD
23.03.2015  23:27    <DIR>          ATI
05.02.2016  18:46    <DIR>          AVAST Software
01.04.2017  15:51    <DIR>          Common Files
29.12.2016  19:42    <DIR>          Dell
24.02.2017  17:46    <DIR>          Dell Support Center
30.12.2016  14:24    <DIR>          GIMP 2
01.08.2015  17:40    <DIR>          Intel
23.03.2015  23:29    <DIR>          Intel Corporation
12.05.2017  18:11    <DIR>          Internet Explorer
29.09.2015  16:21    <DIR>          Krita (x64)
07.05.2017  16:34    <DIR>          Malwarebytes
29.09.2015  13:53    <DIR>          Maple 18
30.05.2015  18:13    <DIR>          Microsoft Mouse and Keyboard Center
01.06.2015  18:57    <DIR>          Microsoft Office
23.03.2015  22:04    <DIR>          MSBuild
20.04.2016  10:24    <DIR>          OBS
23.03.2015  22:53    <DIR>          Realtek
23.03.2015  22:04    <DIR>          Reference Assemblies
07.05.2016  11:19    <DIR>          Shotcut
30.05.2015  18:25    <DIR>          Tablet
12.05.2016  15:46    <DIR>          TabletPlugins
23.03.2015  23:37    <DIR>          TrueColor
07.05.2017  16:25    <DIR>          Windows Defender
31.05.2015  12:56    <DIR>          Windows Mail
31.05.2015  12:56    <DIR>          Windows Media Player
23.03.2015  23:35    <DIR>          Windows Multimedia Platform
22.08.2013  17:36    <DIR>          Windows NT
31.05.2015  12:56    <DIR>          Windows Photo Viewer
23.03.2015  23:35    <DIR>          Windows Portable Devices
23.03.2015  23:34    <DIR>          WindowsPowerShell
               0 Datei(en),              0 Bytes
              33 Verzeichnis(se), 733.621.919.744 Bytes frei

========= End of CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\Program Files (x86)

01.04.2017  13:10    <DIR>          .
01.04.2017  13:10    <DIR>          ..
11.03.2017  12:16    <DIR>          Adobe
13.05.2017  11:46    <DIR>          Amazon
30.05.2015  18:51    <DIR>          Ambient Design
23.03.2015  23:27    <DIR>          AMD AVT
23.03.2015  23:27    <DIR>          ATI Technologies
03.10.2015  23:08    <DIR>          Audacity
31.05.2015  19:48    <DIR>          Autodesk
13.05.2017  11:46    <DIR>          Common Files
31.05.2015  18:12    <DIR>          Corel
30.05.2015  11:34    <DIR>          Dell
05.02.2016  18:45    <DIR>          Dell Backup and Recovery
27.01.2017  14:27    <DIR>          Dell Customer Connect
23.03.2015  23:30    <DIR>          Dell Digital Delivery
03.06.2015  20:02    <DIR>          Dell Product Registration
02.09.2015  17:15    <DIR>          Dell Update
23.03.2015  23:36    <DIR>          Dropbox
25.07.2015  11:55    <DIR>          Electronic Arts
09.08.2015  14:13    <DIR>          FireAlpaca
11.03.2017  12:16    <DIR>          flockmod-tablet
20.05.2016  14:59    <DIR>          Guild Wars 2
13.05.2017  14:48    <DIR>          Hi-Rez Studios
02.09.2015  17:15    <DIR>          Intel
12.05.2017  18:11    <DIR>          Internet Explorer
25.06.2016  15:05    <DIR>          Medibang
01.06.2015  18:57    <DIR>          Microsoft Analysis Services
01.06.2015  19:00    <DIR>          Microsoft Office
05.12.2015  16:41    <DIR>          Microsoft SQL Server Compact Edition
03.06.2015  15:54    <DIR>          Microsoft WSE
01.06.2015  19:00    <DIR>          Microsoft.NET
29.04.2017  15:29    <DIR>          Minecraft
07.05.2017  15:43    <DIR>          Mozilla Firefox
07.05.2017  15:43    <DIR>          Mozilla Maintenance Service
04.02.2016  14:37    <DIR>          Mozilla Thunderbird
23.03.2015  22:04    <DIR>          MSBuild
01.04.2017  13:10    <DIR>          NCSOFT
01.04.2017  13:09    <DIR>          NCWest
21.07.2015  14:27    <DIR>          Nordic Games
21.07.2015  15:05    <DIR>          NVIDIA Corporation
20.04.2016  10:24    <DIR>          OBS
29.04.2017  15:52    <DIR>          Origin
12.02.2016  15:30    <DIR>          Origin Games
09.04.2016  19:44    <DIR>          PaintTool SAI
23.03.2015  22:04    <DIR>          Reference Assemblies
11.05.2017  17:28    <DIR>          Skype
30.05.2015  19:01    <DIR>          Smith Micro
06.05.2016  16:32    <DIR>          Star Stable Entertainment AB
05.05.2017  22:40    <DIR>          Steam
12.05.2016  15:47    <DIR>          TabletPlugins
10.01.2016  16:49    <DIR>          The Lost Crown
05.12.2015  17:09    <DIR>          TuneUp Utilities 2014
23.12.2015  16:14    <DIR>          Tunngle
07.05.2017  16:25    <DIR>          Windows Defender
31.05.2015  12:56    <DIR>          Windows Mail
31.05.2015  12:56    <DIR>          Windows Media Player
23.03.2015  23:35    <DIR>          Windows Multimedia Platform
22.08.2013  17:36    <DIR>          Windows NT
31.05.2015  12:56    <DIR>          Windows Photo Viewer
23.03.2015  23:35    <DIR>          Windows Portable Devices
22.08.2013  17:36    <DIR>          WindowsPowerShell
               0 Datei(en),              0 Bytes
              61 Verzeichnis(se), 733.620.432.896 Bytes frei

========= End of CMD: =========


========= dir "%ProgramData%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\ProgramData

11.11.2016  18:54    <DIR>          .mono
11.03.2017  12:17    <DIR>          Adobe
31.05.2015  19:48    <DIR>          Alias
23.03.2015  23:27    <DIR>          AMD
23.03.2015  23:27    <DIR>          ATI
26.03.2017  11:50    <DIR>          AVAST Software
23.03.2015  23:36    <DIR>          Aviata
25.07.2015  11:56    <DIR>          BitRaider
30.05.2015  19:05    <DIR>          CELSYS
05.12.2015  17:58    <DIR>          Corel
04.09.2016  11:30    <DIR>          Dell
03.07.2015  16:51    <DIR>          EA Core
14.11.2015  14:28    <DIR>          Electronic Arts
05.12.2015  15:14    <DIR>          Freemake
07.07.2015  15:18    <DIR>          Gametree
04.05.2017  16:49    <DIR>          Hi-Rez Studios
02.09.2015  17:15    <DIR>          Intel
23.03.2015  23:21    <DIR>          Intel(R) Update Manager
07.05.2017  16:34    <DIR>          Malwarebytes
24.07.2015  14:02    <DIR>          McAfee
12.12.2015  13:28    <DIR>          Media Center Programs
12.05.2017  18:11    <DIR>          Microsoft Help
29.05.2015  19:02    <DIR>          Mozilla
29.04.2017  17:04    <DIR>          Origin
18.03.2017  18:24    <DIR>          Package Cache
24.02.2017  17:46    <DIR>          PC-Doctor for Windows
27.12.2016  18:33    <DIR>          PC-Doctor, Inc
02.05.2017  15:23    <DIR>          PCDr
29.05.2015  18:35    <DIR>          regid.1991-06.com.microsoft
23.03.2015  23:26    <DIR>          Roaming
11.05.2017  17:28    <DIR>          Skype
07.06.2015  14:13    <DIR>          softthinks
04.05.2017  16:16    <DIR>          SupportAssistAgent
19.09.2015  21:12    <DIR>          SYSTEMAX Software Development
05.12.2015  17:04    <DIR>          TuneUp Software
17.07.2016  14:53    <DIR>          Tunngle
               0 Datei(en),              0 Bytes
              36 Verzeichnis(se), 733.620.371.456 Bytes frei

========= End of CMD: =========


========= dir "%Appdata%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\Users\Sarah\AppData\Roaming

13.05.2017  11:46    <DIR>          .
13.05.2017  11:46    <DIR>          ..
29.04.2017  15:40    <DIR>          .minecraft
15.01.2016  16:34             5.056 .minecraft - Verknpfung.lnk
30.09.2016  19:03    <DIR>          .mono
11.03.2017  12:16    <DIR>          Adobe
08.08.2016  14:42    <DIR>          AliciaOnline
30.05.2015  18:52    <DIR>          Ambient Design
07.05.2016  11:21    <DIR>          AMD
28.05.2015  21:22    <DIR>          ATI
17.05.2016  10:20    <DIR>          Audacity
31.05.2015  19:48    <DIR>          Autodesk
24.07.2015  13:59    <DIR>          AVAST Software
02.04.2016  14:12    <DIR>          Brother
31.05.2015  18:22    <DIR>          Corel
28.05.2015  21:44    <DIR>          DropboxOEM
11.03.2017  12:27    <DIR>          flockmod-air-tablet-ed
16.05.2016  17:35    <DIR>          fretsonfire
20.05.2016  15:00    <DIR>          Guild Wars 2
28.05.2015  21:21    <DIR>          Intel
28.05.2015  21:23    <DIR>          Intel Corporation
29.05.2015  14:32    <DIR>          java
03.10.2015  17:32    <DIR>          krita
28.05.2015  21:29    <DIR>          Macromedia
14.11.2015  12:08    <DIR>          Maple
29.05.2015  19:02    <DIR>          Mozilla
17.05.2016  10:20    <DIR>          OBS
29.04.2017  15:52    <DIR>          Origin
29.04.2017  12:18    <DIR>          PCDr
05.02.2017  19:40    <DIR>          Skype
30.05.2015  19:05    <DIR>          Smith Micro
19.09.2015  21:12    <DIR>          SYSTEMAX Software Development
29.06.2016  12:35    <DIR>          TERA
29.05.2015  19:25    <DIR>          Thunderbird
31.05.2015  20:33    <DIR>          TP
06.05.2016  23:08    <DIR>          Tunngle
31.05.2015  18:21    <DIR>          Ulead Systems
12.05.2016  15:45    <DIR>          WTablet
               1 Datei(en),          5.056 Bytes
              37 Verzeichnis(se), 733.620.310.016 Bytes frei

========= End of CMD: =========


========= dir "%LocalAppdata%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\Users\Sarah\AppData\Local

04.05.2017  15:33    <DIR>          .
04.05.2017  15:33    <DIR>          ..
11.03.2017  12:15    <DIR>          Adobe
23.01.2017  17:00    <DIR>          Akamai
28.05.2015  21:32    <DIR>          Amazon_Services_LLC
02.04.2016  14:01    <DIR>          Apps
20.04.2016  10:24    <DIR>          assembly
28.05.2015  21:22    <DIR>          ATI
28.05.2015  21:22    <DIR>          Aviata
20.12.2015  17:19    <DIR>          CEF
13.12.2016  11:26    <DIR>          Chromium
31.05.2015  18:21    <DIR>          Corel PaintShop Pro
04.05.2017  16:15    <DIR>          CrashDumps
13.05.2017  09:12    <DIR>          Deployment
07.10.2016  18:27    <DIR>          Diagnostics
28.05.2015  21:22    <DIR>          DropboxOEM
24.07.2016  19:46    <DIR>          ElevatedDiagnostics
09.08.2015  14:13    <DIR>          FireAlpaca
30.12.2016  14:25    <DIR>          fontconfig
26.09.2015  20:20    <DIR>          Gameforge4d
29.11.2015  16:05    <DIR>          Gametree
30.12.2016  14:25    <DIR>          gegl-0.2
10.01.2017  16:03    <DIR>          gtk-2.0
04.06.2015  12:26    <DIR>          GWX
04.05.2017  15:33    <DIR>          HirezLauncherUI
24.07.2015  14:05    <DIR>          Macromedia
25.06.2016  15:05    <DIR>          Medibang
07.05.2016  11:21    <DIR>          Meltytech
02.04.2016  14:09    <DIR>          Microsoft
14.05.2016  14:15    <DIR>          Microsoft Help
29.05.2015  19:02    <DIR>          Mozilla
27.01.2017  15:36    <DIR>          Origin
09.08.2015  12:29    <DIR>          Packages
09.08.2015  14:13    <DIR>          Programs
10.01.2017  16:06             5.102 recently-used.xbel
28.12.2015  11:50    <DIR>          Skype
18.05.2016  10:45    <DIR>          Skyrim
28.05.2015  21:28    <DIR>          softthinks
13.12.2016  11:27    <DIR>          Steam
25.07.2015  15:26    <DIR>          SWTOR
25.07.2015  11:56    <DIR>          SWTORPerf
13.05.2017  15:09    <DIR>          Temp
29.05.2015  19:25    <DIR>          Thunderbird
23.09.2016  17:18    <DIR>          Unity
04.06.2016  18:05    <DIR>          VirtualStore
10.01.2017  16:01    <DIR>          webkit
               1 Datei(en),          5.102 Bytes
              45 Verzeichnis(se), 733.620.256.768 Bytes frei

========= End of CMD: =========


========= dir "%CommonProgramFiles(x86)%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\Program Files (x86)\Common Files

13.05.2017  11:46    <DIR>          .
13.05.2017  11:46    <DIR>          ..
11.03.2017  12:16    <DIR>          Adobe AIR
23.03.2015  23:27    <DIR>          ATI Technologies
28.04.2017  21:19    <DIR>          AV
25.07.2015  11:55    <DIR>          BioWare
03.06.2015  12:17    <DIR>          DESIGNER
06.05.2016  16:32    <DIR>          InstallShield
23.03.2015  23:21    <DIR>          Intel
23.03.2015  23:20    <DIR>          Intel Corporation
24.07.2015  14:02    <DIR>          McAfee
03.06.2015  13:50    <DIR>          Microsoft Shared
23.03.2015  23:20    <DIR>          PostureAgent
31.05.2015  18:20    <DIR>          Protexis
22.08.2013  17:36    <DIR>          Services
11.05.2017  17:28    <DIR>          Skype
04.05.2017  15:54    <DIR>          Steam
31.05.2015  12:56    <DIR>          System
21.07.2015  15:05    <DIR>          Wise Installation Wizard
               0 Datei(en),              0 Bytes
              19 Verzeichnis(se), 733.620.195.328 Bytes frei

========= End of CMD: =========


========= dir "%CommonProgramW6432%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\Program Files\Common Files

01.04.2017  15:51    <DIR>          .
01.04.2017  15:51    <DIR>          ..
23.03.2015  23:27    <DIR>          ATI Technologies
05.12.2015  13:58    <DIR>          AV
01.04.2017  15:51    <DIR>          INCA Shared
05.12.2015  16:41    <DIR>          microsoft shared
22.08.2013  17:36    <DIR>          Services
31.05.2015  12:56    <DIR>          System
               0 Datei(en),              0 Bytes
               8 Verzeichnis(se), 733.620.142.080 Bytes frei

========= End of CMD: =========


========= dir "%UserProfile%" =========

 Datentr„ger in Laufwerk C: ist OS
 Volumeseriennummer: 8A5C-808A

 Verzeichnis von C:\Users\Sarah

02.05.2017  12:34    <DIR>          .
02.05.2017  12:34    <DIR>          ..
10.01.2017  16:07    <DIR>          .gimp-2.8
12.04.2017  13:59    <DIR>          .gstreamer-0.10
02.05.2017  17:15    <DIR>          .maplesoft
08.09.2016  19:01    <DIR>          .Origin
08.09.2016  19:01    <DIR>          .QtWebEngineProcess
30.12.2016  14:29    <DIR>          .thumbnails
07.05.2017  16:30    <DIR>          Contacts
13.05.2017  15:13    <DIR>          Desktop
07.05.2017  16:30    <DIR>          Documents
13.05.2017  11:53    <DIR>          Downloads
07.05.2017  16:30    <DIR>          Favorites
07.05.2017  16:30    <DIR>          Links
07.05.2017  16:30    <DIR>          Music
13.05.2017  14:49    <DIR>          OneDrive
07.05.2017  16:30    <DIR>          Pictures
23.03.2015  23:26    <DIR>          Roaming
07.05.2017  16:30    <DIR>          Saved Games
07.05.2017  16:30    <DIR>          Searches
01.08.2015  16:42    <DIR>          Tracing
07.05.2017  16:30    <DIR>          Videos
               0 Datei(en),              0 Bytes
              22 Verzeichnis(se), 733.620.084.736 Bytes frei

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= End of CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 20971520 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30153760 B
Java, Flash, Steam htmlcache => 727980475 B

habe nach dem reboot mal weiter gemacht

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.18.284
www.hitmanpro.com

   Computer name . . . . : VOLTRON
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : VOLTRON\Sarah
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-05-13 15:49:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 2.109.058
   Files scanned . . . . : 109.526
   Remnants scanned  . . : 684.978 files / 1.314.554 keys

Suspicious files ____________________________________________________________

   C:\Users\Sarah\Desktop\FRST64.exe
      Size . . . . . . . : 2.429.440 bytes
      Age  . . . . . . . : 1.9 days (2017-05-11 17:25:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 896B7B41B936A1A793C6BE0DE9B9857B106FA5EC70D3335E9380744CD09F19F4
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Windows\System32\DPPPlugin.dll
      Size . . . . . . . : 466.944 bytes
      Age  . . . . . . . : 781.7 days (2015-03-23 23:37:56)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B2C654803A5574E9FA2FC0270072D707E5FCBA67A9DBBC538ADB99A3F648F164
      Fuzzy  . . . . . . : 24.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is in use by one or more active processes.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=db28dcd2d30afc4dbe2d23836a278b0a
# end=init
# utc_time=2017-05-13 01:58:15
# local_time=2017-05-13 03:58:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 33371
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=db28dcd2d30afc4dbe2d23836a278b0a
# end=updated
# utc_time=2017-05-13 02:01:19
# local_time=2017-05-13 04:01:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=db28dcd2d30afc4dbe2d23836a278b0a
# engine=33371
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-05-13 03:57:19
# local_time=2017-05-13 05:57:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 523933 57800693 0 0
# scanned=404488
# found=3
# cleaned=0
# scan_time=6960
sh=C67E0E78A9F3515B84C9917F7950CAD09DB0921F ft=1 fh=c0ddec21615927fb vn="Variante von Win32/DownloadSponsor.C eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Temp\6W97bb4H.exe.part"
sh=E47F3B789CDCCDAD0C8BFF60D50D3B89D670DE6B ft=1 fh=bcbccd66f6866b19 vn="Variante von Win32/Adware.Agent.NOH Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Temp\is-7TGMH.tmp\prsetup.exe"
sh=E47F3B789CDCCDAD0C8BFF60D50D3B89D670DE6B ft=1 fh=bcbccd66f6866b19 vn="Variante von Win32/Adware.Agent.NOH Anwendung" ac=I fn="C:\Users\Sarah\AppData\Local\Temp\is-HRKAI.tmp\prsetup.exe"

es gab noch ein log von ESET da etwas gefunden wurde falls du ds auch brauchst

Code:

ATTFilter

C:\Users\Sarah\AppData\Local\Temp\6W97bb4H.exe.part	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
C:\Users\Sarah\AppData\Local\Temp\is-7TGMH.tmp\prsetup.exe	Variante von Win32/Adware.Agent.NOH Anwendung
C:\Users\Sarah\AppData\Local\Temp\is-HRKAI.tmp\prsetup.exe	Variante von Win32/Adware.Agent.NOH Anwendung

NH71 · 13.05.2017, 17:14

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Sarah (administrator) on VOLTRON (13-05-2017 18:03:28)
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah & papa admin (Available Profiles: Sarah & papa admin)
Platform: Windows 8.1 (Update) (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(© 2015 Microsoft Corporation) C:\Users\Sarah\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5793048 2014-10-09] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-12-25] (Entertainment Experience)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-07] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-10-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [BingSvc] => C:\Users\Sarah\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-14] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\AVMAutoStart.exe [139264 2016-08-10] (AVM Berlin)
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
IFEO\dbr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-07] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-07] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{331A6852-0CBF-42D8-9E76-4BB3CA3CA8D8}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{5C9DF708-73E2-4972-BA87-1E44E7C6796C}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{EA91ADD8-9523-4152-A050-F67FE6AD29DA}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1580146942-300429447-1193542625-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1580146942-300429447-1193542625-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1580146942-300429447-1193542625-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1580146942-300429447-1193542625-1001 -> DefaultScope {AE2D51EB-E462-42F5-A030-43CE9D89FDAB} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-05-07] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-05-07] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF DefaultProfile: 1u1psced.default
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default [2017-05-13]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\1u1psced.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1u1psced.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\1u1psced.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\1u1psced.default -> hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Extension: (Avast SafePrice) - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default\Extensions\sp@avast.com.xpi [2017-05-07]
FF Extension: (Avast Online Security) - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default\Extensions\wrc@avast.com.xpi [2017-05-07]
FF Extension: (Adblock Plus) - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1u1psced.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1580146942-300429447-1193542625-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-07] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-05-07] (AVAST Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-25] (BitRaider, LLC)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-05-04] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-03-28] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121304 2014-08-26] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-05] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-10-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [7986816 2016-11-06] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2146704 2017-04-29] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3115928 2017-04-29] (Electronic Arts)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2014-12-25] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2015-06-25] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635672 2014-05-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2016-06-04] () [File not signed]
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-07] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-07] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [507928 2017-05-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-07] (AVAST Software)
R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2016-04-02] (AVM Berlin)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-07-28] (BitRaider)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-12-24] ()
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [220104 2014-08-26] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-05-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-05-13] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2015-03-09] (Intel Corporation)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 18:03 - 2017-05-13 18:04 - 00021478 _____ C:\Users\Sarah\Desktop\FRST.txt
2017-05-13 17:58 - 2017-05-13 17:58 - 00000672 _____ C:\Users\Sarah\Desktop\Eset.txt
2017-05-13 15:58 - 2017-05-13 15:58 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-13 15:57 - 2017-05-13 15:57 - 02870984 _____ (ESET) C:\Users\Sarah\Downloads\esetsmartinstaller_deu.exe
2017-05-13 15:57 - 2017-05-13 15:57 - 02870984 _____ (ESET) C:\Users\Sarah\Desktop\esetsmartinstaller_deu.exe
2017-05-13 15:48 - 2017-05-13 15:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-13 15:48 - 2017-05-13 15:48 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-13 15:48 - 2017-05-13 15:48 - 00000000 ____D C:\Program Files\HitmanPro
2017-05-13 15:47 - 2017-05-13 15:46 - 11583584 _____ (SurfRight B.V.) C:\Users\Sarah\Desktop\HitmanPro_x64.exe
2017-05-13 15:46 - 2017-05-13 15:46 - 11583584 _____ (SurfRight B.V.) C:\Users\Sarah\Downloads\HitmanPro_x64.exe
2017-05-13 15:26 - 2017-05-13 15:13 - 00017941 _____ C:\Users\Public\Documents\Fixlog.txt
2017-05-13 15:18 - 2017-05-13 16:24 - 00105472 ___SH C:\Users\Sarah\Desktop\Thumbs.db
2017-05-13 15:17 - 2017-05-13 15:17 - 00291264 _____ C:\Windows\Minidump\051317-36312-01.dmp
2017-05-13 15:13 - 2017-05-13 15:13 - 00017941 _____ C:\Users\Sarah\Desktop\Fixlog.txt
2017-05-13 15:13 - 2017-05-13 15:13 - 00000512 _____ C:\Users\Sarah\Desktop\fixlist.txt
2017-05-13 14:49 - 2017-05-13 14:50 - 00000000 ____D C:\Users\Sarah\Desktop\own characters
2017-05-13 11:53 - 2017-05-13 11:53 - 01663672 _____ (Malwarebytes) C:\Users\Sarah\Desktop\JRT.exe
2017-05-13 11:35 - 2017-05-13 11:59 - 00000000 ____D C:\AdwCleaner
2017-05-13 11:33 - 2017-05-13 11:33 - 04102600 _____ C:\Users\Sarah\Desktop\AdwCleaner_6.046.exe
2017-05-12 20:37 - 2017-04-29 00:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-12 20:37 - 2017-04-29 00:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-12 11:58 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-12 11:58 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-12 11:58 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-12 11:58 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-11 17:46 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-11 17:46 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-11 17:46 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-11 17:46 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-11 17:46 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-11 17:46 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-11 17:46 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-11 17:46 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-11 17:46 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-11 17:46 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-11 17:46 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-11 17:46 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-11 17:46 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-11 17:46 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-11 17:46 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-11 17:46 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-11 17:46 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-11 17:46 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-11 17:46 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-11 17:46 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-11 17:46 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-11 17:46 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-11 17:46 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-11 17:46 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-11 17:46 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-11 17:46 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-11 17:46 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-11 17:46 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-11 17:46 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-11 17:46 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-11 17:46 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-11 17:46 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-11 17:46 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-11 17:46 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-11 17:46 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-11 17:46 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-11 17:46 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-11 17:46 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-11 17:46 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-11 17:46 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-11 17:46 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-11 17:46 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-11 17:46 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-11 17:46 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-11 17:46 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-11 17:46 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-11 17:46 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-11 17:46 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-11 17:46 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-11 17:46 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-11 17:46 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-11 17:46 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-11 17:46 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-11 17:46 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-11 17:46 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-11 17:46 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-11 17:46 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-11 17:46 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-11 17:46 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-11 17:46 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-11 17:46 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-11 17:46 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-11 17:46 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-11 17:46 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-11 17:46 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-11 17:46 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-11 17:46 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-11 17:46 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-11 17:46 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-11 17:46 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-11 17:46 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-11 17:46 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-11 17:46 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-11 17:46 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-11 17:46 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-11 17:46 - 2017-03-11 01:38 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-11 17:46 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-11 17:46 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-11 17:46 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-11 17:26 - 2017-05-13 18:03 - 00000000 ____D C:\FRST
2017-05-11 17:25 - 2017-05-11 17:25 - 02429440 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2017-05-10 18:50 - 2017-05-07 16:44 - 00003094 _____ C:\Users\Public\Documents\MWBT.txt
2017-05-07 16:35 - 2017-05-13 16:29 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-07 16:35 - 2017-05-13 15:18 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-07 16:35 - 2017-05-13 14:48 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-07 16:34 - 2017-05-13 15:18 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-07 16:34 - 2017-05-13 15:18 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-07 16:34 - 2017-05-07 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-07 16:34 - 2017-05-07 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-07 16:34 - 2017-05-07 16:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-07 16:34 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-07 16:33 - 2017-05-07 16:33 - 60107896 _____ (Malwarebytes ) C:\Users\Sarah\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-07 16:31 - 2017-05-07 16:32 - 08246426 _____ C:\Users\Sarah\Downloads\mbam-mac-1.2.6.730.dmg
2017-05-07 16:13 - 2017-02-23 16:50 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-05-07 16:13 - 2017-02-22 16:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-05-07 16:13 - 2017-02-22 16:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-05-07 16:13 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-05-07 16:13 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-05-07 16:13 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2017-05-07 16:13 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-05-07 16:13 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-05-07 16:13 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2017-05-07 16:13 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-05-07 16:13 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-05-07 16:13 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-05-07 16:13 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-05-07 16:13 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2017-05-07 16:13 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2017-05-07 16:13 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2017-05-07 16:13 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-05-07 16:13 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-05-07 16:13 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2017-05-07 16:13 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2017-05-07 16:13 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-05-07 16:13 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2017-05-07 16:13 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2017-05-07 16:13 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-05-07 16:13 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-05-07 16:13 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2017-05-07 16:13 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-05-07 16:13 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-05-07 16:13 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2017-05-07 16:13 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2017-05-07 16:13 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2017-05-07 16:13 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2017-05-07 16:13 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2017-05-07 16:13 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2017-05-07 16:12 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-07 16:12 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-07 16:12 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-07 16:12 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-07 16:12 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-07 16:12 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-07 16:12 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2017-05-07 16:12 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2017-05-07 16:12 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2017-05-07 15:58 - 2016-10-20 15:14 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-05-07 15:58 - 2016-10-20 15:10 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-05-07 15:51 - 2017-05-07 15:51 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-07 15:37 - 2017-05-07 15:37 - 00000000 ____D C:\Users\Sarah\AppData\LocalLow\Temp
2017-05-05 09:35 - 2017-05-05 09:35 - 00000900 _____ C:\Users\Sarah\Documents\Bilder - Verknüpfung.lnk
2017-05-04 16:17 - 2017-05-04 16:17 - 00002040 _____ C:\Users\Public\Desktop\Paladins.lnk
2017-05-04 16:16 - 2017-05-04 16:17 - 75162992 _____ (Hi-Rez Studios) C:\Users\Sarah\Downloads\InstallPaladins.exe
2017-05-04 16:16 - 2017-05-04 16:16 - 00000000 __HDC C:\ProgramData\{6E35203C-6E98-4378-8362-112CFE55C2C1}
2017-05-04 16:16 - 2017-05-04 16:16 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-05-04 16:12 - 2017-05-04 16:17 - 00002047 _____ C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2017-05-04 16:12 - 2017-05-04 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-05-04 15:33 - 2017-05-04 15:33 - 00000000 ____D C:\Users\Sarah\AppData\Local\HirezLauncherUI
2017-05-04 15:30 - 2017-05-04 15:01 - 00382504 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 18:00 - 2016-11-18 19:55 - 00000000 ____D C:\Users\Sarah\AppData\LocalLow\Mozilla
2017-05-13 15:22 - 2014-04-23 18:08 - 00764460 _____ C:\Windows\system32\perfh007.dat
2017-05-13 15:22 - 2014-04-23 18:08 - 00159570 _____ C:\Windows\system32\perfc007.dat
2017-05-13 15:22 - 2014-03-18 11:53 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-13 15:22 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-13 15:18 - 2015-05-28 21:28 - 00000000 ___RD C:\Users\Sarah\OneDrive
2017-05-13 15:18 - 2015-05-28 21:21 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-13 15:18 - 2015-05-28 21:21 - 00000000 __SHD C:\Users\Sarah\IntelGraphicsProfiles
2017-05-13 15:17 - 2016-08-21 16:09 - 816005480 _____ C:\Windows\MEMORY.DMP
2017-05-13 15:17 - 2016-08-21 16:09 - 00000000 ____D C:\Windows\Minidump
2017-05-13 15:17 - 2016-01-27 15:27 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-13 15:17 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-13 15:13 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-05-13 15:00 - 2015-05-30 21:15 - 00000000 ____D C:\Users\Sarah\Desktop\WIP oder only AP
2017-05-13 14:57 - 2016-09-01 11:38 - 00000000 ____D C:\Users\Sarah\Desktop\refs
2017-05-13 14:50 - 2015-06-13 20:07 - 00000000 ____D C:\Users\Sarah\Desktop\fertige Zeichnungen
2017-05-13 11:46 - 2015-03-23 23:30 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-05-13 09:12 - 2016-04-02 14:01 - 00000000 ____D C:\Users\Sarah\AppData\Local\Deployment
2017-05-12 20:43 - 2015-07-24 13:58 - 00158880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-12 20:35 - 2013-08-22 16:44 - 00451544 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-12 18:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-12 18:10 - 2015-06-02 14:25 - 00000000 ____D C:\Windows\system32\MRT
2017-05-12 18:08 - 2015-06-02 14:25 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-12 18:07 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-12 18:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2017-05-12 12:06 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-11 17:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-05-11 17:28 - 2017-03-17 16:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-11 17:28 - 2015-08-01 16:40 - 00000000 ____D C:\ProgramData\Skype
2017-05-10 19:07 - 2015-05-28 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1580146942-300429447-1193542625-1001
2017-05-10 18:52 - 2015-10-18 12:02 - 00004342 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 18:52 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-07 16:25 - 2015-06-02 14:34 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-07 16:25 - 2015-03-23 23:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-07 16:25 - 2014-03-18 11:38 - 00000000 ____D C:\Windows\ShellNew
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-05-07 16:25 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-07 16:25 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\oobe
2017-05-07 15:54 - 2016-02-05 18:48 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1454690922
2017-05-07 15:54 - 2016-02-05 18:48 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-05-07 15:51 - 2017-03-24 21:19 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-05-07 15:51 - 2015-07-24 13:58 - 00569192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00128648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-07 15:51 - 2015-07-24 13:58 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00334576 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00311808 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00190256 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-05-07 15:50 - 2017-03-24 21:19 - 00049016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-05-07 15:50 - 2016-02-05 18:46 - 00507928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-05-07 15:50 - 2015-07-24 13:58 - 01007160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-07 15:50 - 2015-07-24 13:58 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-07 15:43 - 2016-11-18 16:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-07 15:43 - 2015-05-29 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-07 15:41 - 2015-06-07 13:56 - 00000419 _____ C:\Windows\BRWMARK.INI
2017-05-07 15:41 - 2015-06-07 13:56 - 00000027 _____ C:\Windows\BRPP2KA.INI
2017-05-05 22:40 - 2015-12-20 17:18 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-05 19:43 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-04 16:49 - 2016-01-27 15:43 - 00000000 ____D C:\Users\Sarah\Documents\My Games
2017-05-04 16:49 - 2016-01-27 15:27 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-05-04 16:15 - 2015-07-21 15:08 - 00000000 ____D C:\Users\Sarah\AppData\Local\CrashDumps
2017-05-04 16:12 - 2015-03-23 23:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-04 10:17 - 2015-07-12 09:34 - 00000000 ____D C:\Users\Sarah\Desktop\Schulkram
2017-05-02 17:15 - 2015-11-14 12:06 - 00000000 ____D C:\Users\Sarah\.maplesoft
2017-05-02 16:49 - 2015-12-20 11:20 - 00000000 ____D C:\Users\Sarah\Desktop\Maple Dateien
2017-05-02 15:23 - 2015-03-23 23:30 - 00000000 ____D C:\ProgramData\PCDr
2017-05-02 12:34 - 2015-05-28 21:20 - 00000000 ____D C:\Users\Sarah
2017-04-29 17:04 - 2015-06-03 16:10 - 00000000 ____D C:\ProgramData\Origin
2017-04-29 15:52 - 2015-06-03 16:10 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Origin
2017-04-29 15:52 - 2015-06-03 16:10 - 00000000 ____D C:\Program Files (x86)\Origin
2017-04-29 15:50 - 2016-05-01 19:25 - 00001267 _____ C:\Users\Sarah\Desktop\nativelog.txt
2017-04-29 15:40 - 2015-05-29 14:32 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\.minecraft
2017-04-29 15:29 - 2015-06-03 16:46 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-29 12:20 - 2015-03-23 23:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-04-29 12:18 - 2015-05-29 17:53 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\PCDr

==================== Files in the root of some directories =======

2016-01-15 16:34 - 2016-01-15 16:34 - 0005056 _____ () C:\Users\Sarah\AppData\Roaming\.minecraft - Verknüpfung.lnk
2017-01-10 16:06 - 2017-01-10 16:06 - 0005102 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2015-03-23 22:54 - 2015-03-23 22:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2016-12-27 19:16 - 2016-12-28 20:31 - 0000080 _____ () C:\Users\Sarah\AppData\Local\Temp\549d62c83689e6d3d2f1936c5946ee10.dll
2016-12-27 19:15 - 2016-12-27 19:15 - 0000512 _____ () C:\Users\Sarah\AppData\Local\Temp\8bd736a35b2b87b4ded8f9a160edae17.dll
2015-11-14 12:15 - 2015-11-14 12:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\BingSvc.exe
2015-08-01 16:51 - 2015-11-14 12:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\BSvcProcessor.exe
2015-08-01 16:51 - 2015-11-14 12:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\BSvcUpdater.exe
2016-04-15 15:57 - 2016-04-15 15:57 - 0000512 _____ () C:\Users\Sarah\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll
2016-04-15 15:57 - 2016-04-15 15:57 - 0000069 _____ () C:\Users\Sarah\AppData\Local\Temp\df9ea10e15964d6e6fe8764a0e4693d1.dll
2015-11-14 14:33 - 2016-12-22 18:28 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7400009.dll
2015-06-03 16:01 - 2015-06-03 16:01 - 20844712 _____ (Electronic Arts, Inc.) C:\Users\Sarah\AppData\Local\Temp\EADD2C3.exe
2015-09-18 17:06 - 2015-09-18 17:06 - 24506360 _____ (ArenaNet) C:\Users\Sarah\AppData\Local\Temp\Gw2.exe
2017-05-04 16:18 - 2017-04-17 17:36 - 0037376 _____ (Microsoft) C:\Users\Sarah\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
2017-05-04 16:18 - 2017-04-17 14:23 - 0020480 _____ (Microsoft) C:\Users\Sarah\AppData\Local\Temp\HiRezLauncherControls.dll
2016-12-17 17:48 - 2016-12-17 17:48 - 37171128 _____ () C:\Users\Sarah\AppData\Local\Temp\InstallIMVU_529.0.exe
2015-07-24 13:30 - 2015-01-22 13:10 - 0098832 _____ (McAfee Inc.) C:\Users\Sarah\AppData\Local\Temp\mccspuninstall.exe
2015-05-30 18:12 - 2015-05-30 18:12 - 50284752 _____ (Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
2015-05-31 18:38 - 2010-08-13 06:57 - 0149352 ____R (Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\ose00000.exe
2015-05-31 19:22 - 2010-08-13 06:57 - 0149352 ____R (Microsoft Corporation) C:\Users\Sarah\AppData\Local\Temp\ose00002.exe
2016-05-12 06:50 - 2016-05-12 06:51 - 11217920 _____ () C:\Users\Sarah\AppData\Local\Temp\SkypeSetup.exe
2009-03-28 23:08 - 2009-03-28 23:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Sarah\AppData\Local\Temp\UninstallEADM.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-13 13:14

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Sarah (13-05-2017 18:05:07)
Running from C:\Users\Sarah\Desktop
Windows 8.1 (Update) (X64) (2015-05-28 19:21:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1580146942-300429447-1193542625-500 - Administrator - Disabled)
Guest (S-1-5-21-1580146942-300429447-1193542625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1580146942-300429447-1193542625-1008 - Limited - Enabled)
papa admin (S-1-5-21-1580146942-300429447-1193542625-1006 - Administrator - Enabled) => C:\Users\papa admin
Sarah (S-1-5-21-1580146942-300429447-1193542625-1001 - Administrator - Enabled) => C:\Users\Sarah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Abenteuer auf dem Reiterhof - Die wilden Mustangs (HKLM-x32\...\{F715F7A4-67BA-11DD-93EF-B74D56D89593}) (Version: 1.00.0000 - Phoenix Interactive)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alicia (HKLM-x32\...\Alicia) (Version: 1.0.0.0 - NtreevSoft)
AMD Catalyst Install Manager (HKLM\...\{2A570AD7-943C-944A-262B-4794578E8E33}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArcaniA - Gothic 4 (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version:  - Nordic Games GmbH)
ArtRage Studio (HKLM-x32\...\{A35086FB-486A-47FB-8D29-92A7DA63B0D2}) (Version: 3.5.12 - Ambient Design)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.2.0.1 - Corel Corporation)
Corel PaintShop Pro X4 (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.36.024017 - Electronic Arts Inc.)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
FireAlpaca 1.4.1 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.4.1 - firealpaca.com)
flockmod tablet edition (HKLM-x32\...\flockmod-air-tablet-ed) (Version: 1.4.0 - UNKNOWN)
flockmod tablet edition (x32 Version: 1.4.0 - UNKNOWN) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Frets On Fire (HKLM-x32\...\Frets on Fire) (Version: 1.3.110-win32 - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\195fa74437467f40) (Version: 2.3.4.0 - AVM Berlin)
Gameforge Live 2.0.11 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.11 - Gameforge)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.1.0 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Horse Life (HKLM-x32\...\Horse Life_is1) (Version:  - )
ICA (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{694000a5-c594-49d2-b6e4-ef3960120b0f}) (Version: 17.1.0 - Intel Corporation)
IPM_PSP_COM (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
Krita Desktop (x64) 2.9.7.6 (HKLM\...\{4A62AB27-ED63-4A93-B708-05440FCE4298}) (Version: 2.9.7.6 - Krita Foundation)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio Debut 4.0 (HKLM-x32\...\Manga Studio Debut 4.0) (Version:  - )
Maple 18 (HKLM\...\Maple 18) (Version: 18 - Maplesoft)
MediBang Paint Pro 8.0 (32-bit) (HKLM-x32\...\MediBang Paint Pro_is1) (Version: 8.0 - Medibang)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 de)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 de)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 de) (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\Mozilla Thunderbird 38.5.1 (x86 de)) (Version: 38.5.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.8.36918 - Electronic Arts, Inc.)
PaintTool SAI version 1.2.0 (HKLM-x32\...\{53BB7213-AC5D-4437-968B-46EA40684B6C}_is1) (Version: 1.2.0 - SystemaxJP, Inc.)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.49.1796.3 - Hi-Rez Studios)
PSPPContent (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 14.2.0.1 - Corel Corporation) Hidden
PSPPro64 (Version: 14.2.0.1 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.014 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7363 - Realtek Semiconductor Corp.)
Riding Club Championships (HKLM\...\Steam App 509420) (Version:  - Artplant)
Riding Star 2 (Nur Entfernen) (HKLM-x32\...\Riding Star 2) (Version:  - )
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 14.2.0.1 - Ihr Firmenname) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Star Stable (HKLM-x32\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lost Crown version 1.2.1 (HKLM-x32\...\The Lost Crown_is1) (Version: 1.2.1 - Darkling Room)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
True Color (HKLM-x32\...\{55c734b2-fcff-447e-81cc-a6f04ebf09fc}) (Version: 6.0.0.6 - Entertainment Experience)
True Color (Version: 6.0.0.6 - Entertainment Experience LLC) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
Twin Saga DE (HKLM-x32\...\Twin Saga DE) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1580146942-300429447-1193542625-1001\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {065423C8-4C1E-404F-B289-CC86213E4D01} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {11C3C4D3-DC00-4547-950E-2536F7ECE2D8} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {2ECB42B9-FEA1-4283-B18B-602D7DA0E877} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {5F23B762-A73E-4865-94C1-4E58C32EC91C} - System32\Tasks\SafeZone scheduled Autoupdate 1454690922 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {636B698E-4B0C-4650-9B9C-06DA0A8462C9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {65C95D87-1454-4473-8B4A-657217D5DD1C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {8BA883E6-FDCC-445C-BE73-14CD04CA3E68} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {A3D84FAD-53ED-44C3-AA71-3CD86A8CB035} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-10] (Adobe Systems Incorporated)
Task: {B070CC6E-9810-4BAD-BE95-6486924FE772} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D7CFB08F-EBBF-4816-BAF0-D6124AAB693B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {DBDA5509-DBAE-4E96-8DCC-9D62022CF324} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E3CC9D1D-44A1-414C-A049-24B4B01DA473} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {E569C4CC-4038-4043-8CA8-47FFCC30996B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-07] (AVAST Software)
Task: {F96500E8-CDE3-4559-8F0F-252DF06BED69} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {F97C46B5-6CA0-439C-B4FA-35E33C5D3E5C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {FA976113-C614-4E7C-BDE9-7082F311258B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-28] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-07 18:06 - 2014-04-07 18:06 - 00466944 _____ () C:\Windows\system32\DPPPlugin.dll
2014-12-25 08:27 - 2014-12-25 08:27 - 00094160 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2015-06-25 08:53 - 2015-06-25 08:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2017-05-07 16:34 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-05-07 16:34 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-03-23 23:33 - 2014-06-05 00:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-03-23 23:33 - 2014-06-05 00:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2015-03-23 23:33 - 2014-06-05 00:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-05-30 18:24 - 2014-05-21 18:14 - 01356568 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-03-23 22:16 - 2015-09-05 23:42 - 00395880 _____ () C:\Windows\system32\igfxTray.exe
2014-09-02 20:40 - 2014-09-02 20:40 - 00462160 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2017-05-07 15:50 - 2017-05-07 15:50 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-07 15:51 - 2017-05-07 15:51 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-07 15:50 - 2017-05-07 15:50 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2014-10-10 18:37 - 2014-10-10 18:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-02 20:40 - 2014-09-02 20:40 - 00214352 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2014-09-02 20:40 - 2014-09-02 20:40 - 00114000 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1580146942-300429447-1193542625-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sarah\Pictures\Hintergründe\maxresdefault.jpg
HKU\S-1-5-21-1580146942-300429447-1193542625-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02AAD68B-13CC-4D77-8340-B339D32AFB61}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{541B55AB-6CE2-400A-BDC9-DF06DC366AFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C026F55B-14EB-482E-A196-6AF5CBEC49AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F7C3E72-31A4-4A97-A8D6-8167EB643F28}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{E059C0A7-990B-4EF8-8539-84BB8A51C979}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1EF03B25-08D9-4CB6-9619-52AABB4B494A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{20A990DC-7F27-4AC6-BC10-AEDE4227E78F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [TCP Query User{C1904E5E-4D6F-49BE-8EE4-FA9CE6CFC3FE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CD5A63B8-42AA-43BD-80F0-E2FE9DFD9884}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{260BF685-D974-4319-B794-12210F812408}C:\program files (x86)\deep silver\horse life\autorun.exe] => (Block) C:\program files (x86)\deep silver\horse life\autorun.exe
FirewallRules: [UDP Query User{724E3C35-CBE4-43D5-950B-36E221ACD741}C:\program files (x86)\deep silver\horse life\autorun.exe] => (Block) C:\program files (x86)\deep silver\horse life\autorun.exe
FirewallRules: [TCP Query User{AE7020BB-E413-4488-9572-A6993109D250}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{85263735-F83F-466B-BE9F-1193D7FE4E3D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{DB446EDB-492D-4010-A5B4-1BC0A12E9744}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0E40CC18-5A3D-4FFF-BB7C-DBED92F4C46F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{49BCABE9-BBA2-4AA1-ABA3-308B1A30121E}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [UDP Query User{024F5CF1-F807-4E1F-881D-B55F173ECE04}C:\program files\maple 18\jre\bin\maple.exe] => (Allow) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [{27A218C9-474B-4668-89F0-D5BEE9515474}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DB1FDDA-1C3D-4C6E-82E3-984F080A7703}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0EBAF9A0-BEBB-42D8-800E-A46E82B0210E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{5563583E-B0E1-4188-830C-B798FEDF45CA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{41A089A7-E9EA-4564-BFE4-03A7995B0357}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1D0FB206-644F-4B01-ABB4-D1350F0D2112}] => (Allow) LPort=2869
FirewallRules: [{8020E7F3-FD7D-40B5-B7CA-4439289B05EC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{C896C8BC-D1A6-4632-B18C-00078EF405D4}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{F4BB8DEA-260E-4454-90BC-5FDBD9ADB50F}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{1590CDAC-8EC9-4CFA-AC9E-15F70E25A30B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1AA54BB8-B927-47C8-9699-73B1AEB31E2F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0D04F30F-45BE-4412-8960-EA6437D665AC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D24B2139-06AF-4683-B6A6-1A7F17964629}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B7DD02DD-E4EB-406F-96D8-69869AF2CDE7}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E1F71C50-7E88-4FBD-ACB6-55839DF1CFBF}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{326A3BF7-966F-4F52-AD24-9594811C72A3}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{F16AC08F-87B6-4633-A746-0D59DFCF2D1A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{C625C9A3-EC0A-42BF-9CF8-EDDE152C13F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [{84B93C6F-62E1-40E4-B87A-655AF9BAAF78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [TCP Query User{772A04BD-FFE3-487B-9184-2D8E2495F519}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{B0665C13-43E9-4FA6-A730-614E522B6E21}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{8F62C283-EF42-4F47-B107-589AF53EBDA4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9534CDF9-B24D-40B2-B6A2-9AC433956D38}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{841DC423-8D1D-4AF2-9D4A-5CB316E9E09C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{A1D21670-23E6-47DD-AB5C-993C5B873CE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [TCP Query User{59EA195C-58B6-49E8-841D-B4C355BDD79D}C:\program files\maple 18\jre\bin\maple.exe] => (Block) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [UDP Query User{D713203F-5654-4F45-827B-380CB0857234}C:\program files\maple 18\jre\bin\maple.exe] => (Block) C:\program files\maple 18\jre\bin\maple.exe
FirewallRules: [TCP Query User{600161C9-CD03-494D-9AE7-B52F5DCF5984}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{12D44C1E-FE3A-4DFE-820F-607EA23A4618}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D4F8382E-C667-46FA-B85E-A21A20A1DD12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{5432DDA0-7AAD-4C0A-857F-881B53E987C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{BF06EF00-6963-4438-A0B8-C0FE91876996}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{147D5682-530E-4A94-8440-969C43FE1D20}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [TCP Query User{109497A3-4868-4C6F-9BE1-28D8249EDFD7}C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe] => (Block) C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{87312F97-97A9-45F6-9A08-FB44734D3C1C}C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe] => (Block) C:\users\sarah\appdata\local\apps\2.0\jr3jznhj.kxy\era8lm1p.aax\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{A4473DE0-E065-4D09-AE4D-A02FB0190E7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1AAEF791-6AB9-4A28-8506-9BF5F428D673}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1ED98C21-CCC8-436B-8389-1EE29EE6BD6E}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{24905A95-7A6F-4688-AD3D-5F14441A06D8}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [UDP Query User{9FEF3DAB-8700-4A09-ACA6-8BAF7CC07939}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [TCP Query User{AEA3CF56-BCE4-483E-965E-5AECB2E5F3B7}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [UDP Query User{7921F6FA-F432-4513-8E52-61080DA2C32A}C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\riders of icarus\bin64\launcher.exe
FirewallRules: [{530EF970-50EE-46A7-9D37-06054DAADD99}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{95E240C1-383D-4E8C-84F8-D62CC5865FF6}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{F67BEDFD-6F4D-4C5D-8151-9D4CDAA1C4FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RidingClubChampionships\rcc.exe
FirewallRules: [{54C37421-867D-462F-8FA0-957FF04F86F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RidingClubChampionships\rcc.exe
FirewallRules: [{DC8D09E5-3878-49B9-A84F-45CF10A5D4B4}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{96777B42-7D8A-4E60-B6EB-A3580A2612A7}] => (Allow) C:\Users\Sarah\AppData\Local\Apps\2.0\JR3JZNHJ.KXY\ERA8LM1P.AAX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe
FirewallRules: [{5758B12D-7421-46A4-AF1F-1335AAF08A5C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7C9AE3E-D680-4FB7-9DAE-AA8CF6F1F4FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BCCFE84F-72C2-4F6D-9A94-53D78E77AEBA}] => (Allow) C:\AeriaGames\TwinSaga-DE\game.bin
FirewallRules: [{8FE71C08-C6B7-4EE8-95CA-62141112483A}] => (Allow) C:\AeriaGames\TwinSaga-DE\game.bin
FirewallRules: [TCP Query User{80C64DF3-A288-4721-A24F-942514B2766B}C:\users\sarah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sarah\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E087CF16-BF43-4085-A986-B42AEF455D75}C:\users\sarah\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\sarah\appdata\local\akamai\netsession_win.exe
FirewallRules: [{CD175CDD-5D8B-4E22-8315-40F79F92E45A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{FA1FCF40-0F76-435A-ABF4-EDA0E19DA96A}] => (Allow) C:\Users\Sarah\AppData\Local\Gametree\Alicia\Alicia.exe
FirewallRules: [{3C893A62-2A4C-4810-B38A-8968168A4946}] => (Allow) C:\Users\Sarah\AppData\Local\Gametree\Alicia\Alicia.exe
FirewallRules: [{541F72FB-2CCE-4A2D-B640-6DCBB2754A3C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe

==================== Restore Points =========================

23-04-2017 15:34:21 Installed CLIP STUDIO PAINT
04-05-2017 16:11:48 Removed Hi-Rez Studios Games
07-05-2017 16:13:29 Windows Update
12-05-2017 11:57:26 Windows Update
13-05-2017 11:56:22 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2017 05:59:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:59:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:58:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:58:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sarah\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:58:09 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sarah\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:58:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sarah\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:58:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sarah\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:57:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sarah\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 03:57:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sarah\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/13/2017 09:14:50 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (05/13/2017 03:59:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (05/13/2017 03:59:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sarah\AppData\Local\Temp\ehdrv.sys

Error: (05/13/2017 03:59:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (05/13/2017 03:59:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sarah\AppData\Local\Temp\ehdrv.sys

Error: (05/13/2017 03:59:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (05/13/2017 03:59:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sarah\AppData\Local\Temp\ehdrv.sys

Error: (05/13/2017 03:44:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-1580146942-300429447-1193542625-1001-05132017154456250-ntuser.dat

Error: (05/13/2017 03:17:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (05/13/2017 03:17:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/13/2017 03:17:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.


CodeIntegrity:
===================================
  Date: 2017-05-13 15:16:56.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-13 14:47:54.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-13 11:47:38.354
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-12 20:35:13.433
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 16:46:31.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 16:27:47.416
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 15:53:02.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-07 15:43:05.362
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-04 15:51:29.729
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-03-24 20:21:02.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\acedrv07.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8106.45 MB
Available physical RAM: 4906.17 MB
Total Virtual: 16298.45 MB
Available Virtual: 13058.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.94 GB) (Free:676.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4C1244D)

Partition: GPT.

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

M-K-D-B · 14.05.2017, 11:55

Servus,

der Logdatei von ESET ist zu entnehmen, dass du dir schon wieder lauter Müll runtergeladen hast bzw. wolltest.

"6W97bb4H.exe" und "prsetup.exe" ... keine Ahnung, was das ist, aber es kann nur Müll sein.

Reste entfernen

Kopiere den Inhalt der folgenden Code-Box:
Code:
ATTFilter
```
Start::
CloseProcesses:
EmptyTemp:
End::
         
```
Starte nun FRST und klicke den Entfernen Button.
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.

Hinweise:
Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.
Starte deinen Rechner zum Abschluss neu auf.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst du diese bedenkenlos löschen.

Virenscanner + Firewall
Vorab sei erwähnt, dass man niemals die Schutzwirkung eines Virenscanners überbewerten darf! Kein Antivirusprogramm erkennt 100% der Schadsoftware.

Sofern du noch unentschieden bist, verwende MAXIMAL EIN EINZIGES der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

Emsisoft Anti-Malware (kostenpflichtig)
ESET NOD32 Antivirus (kostenpflichtig)
Microsoft Security Essentials (kostenlos)

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Verwende immer nur reine Virenscanner (keine Produkte mit "Suite", "Internet Security", "Endpoint" oder "Total Security" in Namen, denn diese bringen kontraproduktive Firewalls mit - die Windows-Firewall ist alles was benötigt wird)

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware , AdwCleaner und mit dem ESET Online Scanner scannen.
Diese Programme sind alle kostenlos und stören nicht den Betrieb deines Antivirenprogramms.

Absicherungen
Beim Betriebsystem Windows ist es wichtig, die automatischen Updates zu aktivieren.
Auch sicherheitsrelevante Software sollte immer in aktueller Version vorliegen.

Das zeitnahe Einspielen von Updates ist erforderlich, damit Sicherheitslücken geschlossen werden. Sicherheitslücken werden beispielsweise dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Besonders aufpassen bzgl. der Aktualität musst du insbesondere bei folgender Software - sofern diese überhaupt benötigt wird:

Browser (Internet Explorer, Edge, Firefox, Chrome, Opera, etc.)
Flash-Player
Java
Adobe Reader

Optionale Browsererweiterungen

Adblock Plus oder uBlock Origin (Firefox - Chrome) - können Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren
NoScript - verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. NoScript kann gerade bei technisch nicht allzu versierten Nutzern beim Surfen zum Nervfaktor werden; ob das Tool geeignet ist, muss jeder selbst mal ausprobieren und dann für sich entscheiden.

Grundsätzliches

Ändere regelmäßig deine Online-Passwörter und erstelle regelmäßig Backups deiner wichtigen Dateien oder des Systems. Genaueres dazu findest du unten im Lesestoff zu Backups.
Lade keine Software von Chip, Softonic, SourceForge oder VLC.de. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Lade Software von einem sauberen Portal wie oder direkt beim jeweiligen Hersteller / Entwickler.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne die Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten bis nicht belegbar. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht.
Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Lesestoff:
Backup-/Image-Tools

Damit man sinnvolle Backups hat, muss man regelmäßig (z. B. wöchentlich) ein Image auf eine separate externe Festplatte erstellen. Diese externe Festplatte wird nur dann angeschlossen, wenn man das Backup erstellen will (oder etwas wiederherstellen muss), ansonsten bleibt sie aus Sicherheitsgründen sicher im Schrank verwahrt - allein schon aus dem Grund, die Backups vor "Verschlüsselungstrojanern" zu schützen.

Du solltest dich für eines der folgenden Programmen entscheiden und damit regelmäßig deine Daten sichern.

Optioin 1 - Drivesnapshot
Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64

Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe

Screenshots:
http://www.drivesnapshot.de/images/startup.png
http://www.drivesnapshot.de/images/save3.png

Option 2 - Seagate DiscWizard
Seagate DiscWizard - Download - Filepony

Screenshots:
http://filepony.de/screenshot/seagate_discwizard5.jpg
http://filepony.de/screenshot/seagate_discwizard4.png
http://filepony.de/screenshot/seagate_discwizard3.jpg

Option 3 - Acronis TrueImage WD Edition
Acronis True Image WD Edition - Download - Filepony

Screenshots:
http://filepony.de/screenshot/acroni...d_edition1.jpg
http://filepony.de/screenshot/acroni...d_edition2.jpg

NH71 · 14.05.2017, 13:37

Hallo

Zitat:

der Logdatei von ESET ist zu entnehmen, dass du dir schon wieder lauter Müll runtergeladen hast bzw. wolltest.

ich selber habe nichts weiter geladen

Ist das jetzt wieder weg ??

Beim fixen mit FSRT gab es wieder den selben Bluescreen

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Sarah (14-05-2017 14:20:19) Run:2
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah & papa admin (Available Profiles: Sarah & papa admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
EmptyTemp:

*****************

Processes closed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10580471 B
Java, Flash, Steam htmlcache => 492 B

M-K-D-B · 15.05.2017, 15:09

Ok, sollte trotzdem passen.

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine Profilnachricht inklusive Link zum Thema.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.