Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner-Warnung - Antwort vom Seitenbetreiber (https://www.trojaner-board.de/168746-trojaner-warnung-antwort-seitenbetreiber.html)

wegasoft 16.07.2015 11:07
Trojaner-Warnung - Antwort vom Seitenbetreiber
 
Liste der Anhänge anzeigen (Anzahl: 2)
Servus!
Aufgrund einer Trojaner-Warnung von ESET hab ich den Seitenbetreiber informiert.

Dieser ist der Meinung, die Meldung würde generiert, weil sich der Trojaner auf meinem PC befindet.

Kann das stimmen?

Hab die betreffenden Screenshots angehängt.
Systeminfo: Windows 8.1

Gruß
John

cosinus 16.07.2015 11:14
Ja, das kann stimmen. Weil sich aktuelle Malware/Junkware gern in den Browser einnistet um zB den Benutzer seinen SPAM anzuzeigen.

wegasoft 16.07.2015 11:24
Zitat:
Zitat von cosinus (Beitrag 1488251)
Ja, das kann stimmen. Weil sich aktuelle Malware/Junkware gern in den Browser einnistet um zB den Benutzer seinen SPAM anzuzeigen.
Dann sollte ich wohl mal den Browser prüfen.
Wie mache ich das am Besten?

Genutzt werden Firefox und Opera.
Letzterer eher selten.

cosinus 16.07.2015 11:29
Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

wegasoft 16.07.2015 11:39
Anbei die Logs:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by John (administrator) on HOMEOFFICE on 16-07-2015 12:35:20
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-06] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Atheros Communications)
HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\Run: [Dropbox Update] => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3752888199-105568141-2537367680-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-07-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar344.lnk [2015-07-16]
ShortcutTarget: Sidebar344.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3752888199-105568141-2537367680-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3752888199-105568141-2537367680-1001 -> {7E47F340-1B64-42AF-A9DD-A621EE34266D} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{73319C2E-039F-466C-AA0A-A00A1DF1EB37}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: YouTube Unblocker - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\youtubeunblocker@unblocker.yt [2015-03-24]
FF Extension: DownThemAll! AntiContainer - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\anticontainer@downthemall.net.xpi [2015-03-24]
FF Extension: Lightbeam - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-05-09]
FF Extension: FlashGot - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-11]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-06-11]
FF Extension: Video DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-24]
FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-06] (Acer Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4282904 2015-05-11] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-07-13] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [159480 2015-03-10] (ESET)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 12:35 - 2015-07-16 12:35 - 00016300 _____ C:\Users\John\Downloads\FRST.txt
2015-07-16 12:35 - 2015-07-16 12:35 - 00000000 ____D C:\FRST
2015-07-16 12:34 - 2015-07-16 12:34 - 02133504 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-07-15 12:41 - 2015-07-15 12:41 - 00000000 ____D C:\Users\John\AppData\Local\Tools&More
2015-07-15 12:41 - 2015-07-15 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
2015-07-15 12:41 - 2015-07-15 12:41 - 00000000 ____D C:\Program Files (x86)\Tools&More
2015-07-15 12:40 - 2015-07-15 12:40 - 02771643 _____ C:\Users\John\Downloads\joe-4setup.exe
2015-07-15 12:31 - 2015-07-15 12:41 - 00000000 ____D C:\Windows\Downloaded Installations
2015-07-15 11:11 - 2015-07-15 11:12 - 04452903 _____ C:\Users\John\Downloads\Ruthe.de - Das Klo.3gp
2015-07-15 11:10 - 2015-07-15 11:10 - 11113370 _____ C:\Users\John\Downloads\Ruthe.de - Das Klo.mp4
2015-07-15 07:53 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 07:53 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 07:53 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 07:53 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 07:53 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 07:53 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 07:53 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 07:53 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 07:53 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 07:53 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 07:53 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 07:53 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 07:53 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 07:53 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 07:53 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 07:53 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 07:53 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 07:53 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 07:53 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 07:53 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 07:53 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 07:53 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 07:53 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 07:53 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 07:53 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 07:53 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 07:53 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 07:53 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 07:53 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 07:53 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 07:53 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 07:53 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 07:53 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 07:51 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 07:51 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 07:51 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 07:51 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 07:51 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 07:51 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 07:51 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 07:51 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 07:51 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 07:51 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 07:51 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 07:51 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 07:51 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 07:51 - 2015-07-03 15:52 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 07:51 - 2015-07-03 15:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 07:51 - 2015-07-03 15:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 07:51 - 2015-07-03 15:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 07:51 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 07:51 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 07:51 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 07:51 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 07:51 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 07:51 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 07:51 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 07:51 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 07:51 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 07:51 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 07:51 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 07:51 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 07:51 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 07:51 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 07:51 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 07:51 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 07:51 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 07:51 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 07:51 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 07:51 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 07:51 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 07:51 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 07:51 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 07:51 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 07:51 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 07:51 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 07:51 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 07:51 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 07:51 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 07:51 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 07:51 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 07:51 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 07:51 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 07:51 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 07:51 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 07:51 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 07:51 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 07:51 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 07:51 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 07:51 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 07:51 - 2015-05-11 20:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 07:51 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 07:51 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 07:51 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 07:51 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 07:51 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 07:51 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 07:51 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 07:51 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 07:51 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 07:51 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 07:51 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 07:51 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 07:51 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 07:46 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 07:46 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 07:46 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 07:46 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 07:46 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 07:46 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 07:46 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 07:46 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 07:46 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 07:46 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-15 07:45 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 07:45 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 07:45 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 07:45 - 2015-05-02 01:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 10:30 - 2015-07-14 10:30 - 02527096 _____ C:\Users\John\Downloads\media_w945407693_1.ts
2015-07-14 10:29 - 2015-07-14 10:29 - 03036012 _____ C:\Users\John\Downloads\media_w1037358837_21.ts
2015-07-14 10:16 - 2015-07-14 10:17 - 02751380 _____ C:\Users\John\Downloads\media_w1037358837_8.ts
2015-07-13 15:00 - 2015-07-13 15:00 - 00000000 ____D C:\FFOutput
2015-07-13 00:45 - 2015-07-13 00:46 - 00000000 ____D C:\Users\John\AppData\Roaming\DAEMON Tools Lite
2015-07-13 00:45 - 2015-07-13 00:46 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-13 00:14 - 2015-07-13 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-07-13 00:14 - 2015-07-13 00:14 - 00000000 ____D C:\Program Files\7-Zip
2015-07-13 00:13 - 2015-07-13 00:13 - 01376768 _____ C:\Users\John\Downloads\7z920-x64.msi
2015-07-12 23:54 - 2015-07-12 23:54 - 00000000 ____D C:\Users\John\AppData\Local\ratDVD
2015-07-12 23:53 - 2015-07-12 23:53 - 04730740 _____ (ratDVD) C:\Users\John\Downloads\ratDVDSetup-0.78.1444.exe
2015-07-12 19:42 - 2015-07-12 19:55 - 380572925 _____ C:\Users\John\Downloads\COSDAY 2015(1).mp4
2015-07-12 19:38 - 2015-07-12 19:39 - 361850213 _____ C:\Users\John\Downloads\Der Lee - CosDay 2015 _ Nordwest Zentrum Frankfurt.mp4
2015-07-12 01:05 - 2015-07-12 01:06 - 504383058 _____ C:\Users\John\Downloads\Just For Laugh 2015 - Full Episodes April 2015.mp4
2015-07-12 00:03 - 2015-07-12 00:04 - 50407543 _____ C:\Users\John\Downloads\DWO - Doctor Who Cast _ Crew '500 Miles'.mp4
2015-07-09 20:47 - 2015-07-09 20:47 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 14:52 - 2015-07-08 14:52 - 00000000 ____D C:\Users\John\Documents\Eigene Scans
2015-07-08 14:48 - 2015-07-08 14:48 - 00000000 ____D C:\Users\John\AppData\Local\HP
2015-07-08 14:47 - 2015-07-08 14:47 - 00000292 _____ C:\Windows\Tasks\WebReg HP Deskjet F4200 series.job
2015-07-08 14:46 - 2015-07-08 14:48 - 00000000 ____D C:\Users\John\AppData\Roaming\HP
2015-07-08 14:46 - 2015-07-08 14:46 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-07-08 14:46 - 2015-07-08 14:46 - 00000000 ____D C:\Users\John\AppData\Roaming\HpUpdate
2015-07-08 14:46 - 2015-07-08 14:46 - 00000000 ____D C:\ProgramData\WEBREG
2015-07-08 14:45 - 2015-07-08 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-07-08 14:45 - 2015-07-08 14:45 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-07-08 14:45 - 2015-07-08 14:45 - 00001335 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-07-08 14:45 - 2015-07-08 14:45 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-07-08 14:44 - 2015-07-08 14:46 - 00000000 ____D C:\Program Files (x86)\HP
2015-07-08 14:43 - 2015-07-08 14:46 - 00204268 _____ C:\Windows\hpoins28.dat
2015-07-08 14:43 - 2015-07-08 14:46 - 00000823 _____ C:\ProgramData\hpzinstall.log
2015-07-08 14:43 - 2012-09-26 17:48 - 00000584 ____N C:\Windows\hpomdl28.dat
2015-07-08 14:42 - 2015-07-08 14:47 - 00000000 ____D C:\ProgramData\HP
2015-07-08 14:42 - 2009-07-08 12:51 - 00938496 _____ (Hewlett-Packard) C:\Windows\system32\hpowiax7.dll
2015-07-08 14:42 - 2009-07-08 12:51 - 00740864 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl6.dll
2015-07-08 14:42 - 2009-07-08 12:51 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2015-07-08 14:42 - 2009-07-08 12:51 - 00505344 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst15.dll
2015-07-08 14:41 - 2015-07-08 14:42 - 188204936 _____ C:\Users\John\Downloads\DJ_AIO_03_F4200_NonNet_Full_WW_140_404-4.exe
2015-07-08 14:39 - 2015-07-08 14:39 - 03748672 _____ (Oleg N. Scherbakov) C:\Users\John\Downloads\HPSupportSolutionsFramework-12.0.26.exe
2015-07-08 14:39 - 2015-07-08 14:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-08 14:27 - 2015-07-08 14:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-07-08 11:16 - 2015-07-08 11:16 - 00000380 _____ C:\Users\John\Documents\wifiguard.txt
2015-07-08 11:13 - 2015-07-08 11:13 - 01923360 _____ (SoftPerfect Research ) C:\Users\John\Downloads\wifiguard_windows_setup.exe
2015-07-08 11:13 - 2015-07-08 11:13 - 00000931 _____ C:\Users\Public\Desktop\SoftPerfect WiFi Guard.lnk
2015-07-08 11:13 - 2015-07-08 11:13 - 00000000 ____D C:\Users\John\AppData\Local\WiFi Guard
2015-07-08 11:13 - 2015-07-08 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
2015-07-08 11:13 - 2015-07-08 11:13 - 00000000 ____D C:\Program Files\SoftPerfect WiFi Guard
2015-07-08 10:54 - 2015-07-08 11:02 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Free
2015-07-08 10:54 - 2015-07-08 10:54 - 00000891 _____ C:\Users\John\Desktop\Acrylic Wi-Fi Free.lnk
2015-07-08 10:54 - 2015-07-08 10:54 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Free
2015-07-08 10:54 - 2015-07-08 10:54 - 00000000 ____D C:\Users\John\AppData\Roaming\Acrylic Wi-Fi Free
2015-07-08 10:53 - 2015-07-08 10:53 - 06071728 _____ (Tarlogic Security S.L. ) C:\Users\John\Downloads\Acrylic_WiFi_Free_v2.3.5652.32360-Setup.exe
2015-07-08 10:47 - 2015-07-08 10:47 - 00000000 __SHD C:\Users\John\AppData\Local\icsxml
2015-07-08 10:46 - 2015-07-08 10:46 - 00000038 ___SH C:\Users\John\AppData\Local\69ff07055291669bb2b218.72821112
2015-07-08 10:46 - 2015-07-08 10:46 - 00000000 ____D C:\Users\John\AppData\Local\MetaGeek,_LLC
2015-07-08 10:45 - 2015-07-08 10:45 - 05664768 _____ C:\Users\John\Downloads\inSSIDer42012-installer.msi
2015-07-08 10:36 - 2015-07-08 10:36 - 00012800 ___SH C:\Users\John\Documents\Thumbs.db
2015-07-08 10:35 - 2015-07-08 10:35 - 00016481 _____ C:\Users\John\Documents\ACER WIFI.odt
2015-07-08 05:03 - 2015-07-08 05:03 - 00326954 _____ C:\Users\John\Downloads\User Manual_Acer_1.0_A_A.zip
2015-07-08 04:18 - 2015-07-16 01:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-20 15:41 - 2015-07-16 01:46 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA.job
2015-06-20 15:41 - 2015-07-15 15:46 - 00001190 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core.job
2015-06-20 15:41 - 2015-06-20 15:41 - 00004186 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA
2015-06-20 15:41 - 2015-06-20 15:41 - 00003806 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core
2015-06-20 15:41 - 2015-06-20 15:41 - 00000000 ____D C:\Users\John\AppData\Local\Dropbox
2015-06-20 15:41 - 2015-06-20 15:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-18 01:27 - 2015-06-18 01:27 - 11828657 _____ C:\Users\John\Downloads\Cats vs. Socks.mp4
2015-06-18 01:21 - 2015-06-18 01:21 - 09470778 _____ C:\Users\John\Downloads\How To Make a Handmade Book.mp4
2015-06-18 00:07 - 2015-06-18 00:07 - 61855696 _____ C:\Users\John\Downloads\Rhapsody of Fire - Christopher Lee - Magic of Wizard's Dream Battlespace version.mp4
2015-06-17 16:43 - 2015-06-17 16:56 - 00000000 ____D C:\Wer
2015-06-17 15:39 - 2015-06-17 15:39 - 00069627 _____ C:\Users\John\Downloads\greifswaler-deutsche-schrift.zip
2015-06-17 15:39 - 2015-06-17 15:39 - 00000000 ____D C:\Users\John\Downloads\greifswaler-deutsche-schrift

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 12:29 - 2015-05-17 08:19 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 12:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-16 09:19 - 2015-01-09 21:19 - 01209472 _____ C:\Windows\WindowsUpdate.log
2015-07-16 09:00 - 2015-03-23 16:22 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-07-16 05:15 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-16 05:09 - 2015-03-23 17:36 - 00000000 ____D C:\Users\John\AppData\Roaming\UseNeXT
2015-07-16 02:00 - 2015-03-23 18:44 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2015-07-16 01:49 - 2015-01-07 08:48 - 00764340 _____ C:\Windows\system32\perfh007.dat
2015-07-16 01:49 - 2015-01-07 08:48 - 00159160 _____ C:\Windows\system32\perfc007.dat
2015-07-16 01:49 - 2014-03-18 12:03 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 01:46 - 2015-04-11 11:22 - 00000000 __RDO C:\Users\John\OneDrive
2015-07-16 01:46 - 2015-03-23 17:24 - 00000000 ____D C:\Users\John\AppData\Roaming\Dropbox
2015-07-16 01:45 - 2015-03-25 14:25 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb.job
2015-07-16 01:44 - 2013-08-22 16:46 - 00033691 _____ C:\Windows\setupact.log
2015-07-16 01:44 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 01:44 - 2013-08-22 16:44 - 00377408 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 01:43 - 2015-03-23 16:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-16 01:43 - 2014-03-18 11:54 - 00016616 _____ C:\Windows\PFRO.log
2015-07-16 01:43 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-16 01:42 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-16 01:42 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-07-15 23:24 - 2015-05-17 08:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 23:24 - 2015-03-25 14:25 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb
2015-07-15 20:56 - 2015-04-12 19:17 - 00754176 ___SH C:\Users\John\Downloads\Thumbs.db
2015-07-15 16:22 - 2015-03-23 16:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3752888199-105568141-2537367680-1001
2015-07-15 12:43 - 2015-03-24 00:38 - 00000000 ____D C:\Users\John\Desktop\System
2015-07-15 11:17 - 2015-03-23 18:22 - 00000000 ____D C:\Users\John\AppData\Roaming\MyPhoneExplorer
2015-07-15 10:04 - 2015-04-11 14:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 10:04 - 2015-04-11 14:12 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 10:03 - 2015-03-25 11:16 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 19:03 - 2015-03-23 19:46 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427132778
2015-07-14 19:03 - 2015-03-23 19:46 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-14 19:03 - 2015-03-23 19:46 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 10:19 - 2015-03-23 19:54 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-13 09:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-13 00:45 - 2015-04-11 00:10 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-07-13 00:19 - 2015-05-14 21:05 - 00000000 ____D C:\Users\John\AppData\Roaming\dvdcss
2015-07-08 18:41 - 2015-04-13 19:17 - 00000000 ____D C:\Users\John\dwhelper
2015-07-08 14:46 - 2013-08-22 15:25 - 00000159 _____ C:\Windows\win.ini
2015-07-08 04:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-06 23:24 - 2014-07-14 17:36 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2014-07-14 17:36 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 08:43 - 2015-03-25 11:16 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-18 23:56 - 2015-03-23 16:52 - 00000000 ____D C:\Users\John\AppData\Local\Sidebar7

==================== Files in the root of some directories =======

2015-07-08 10:46 - 2015-07-08 10:46 - 0000038 ___SH () C:\Users\John\AppData\Local\69ff07055291669bb2b218.72821112
2015-03-27 14:08 - 2015-03-27 14:08 - 0007601 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-01-09 21:36 - 2015-01-09 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-08 14:43 - 2015-07-08 14:46 - 0000823 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi2wvar.dll
C:\Users\John\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\John\AppData\Local\Temp\InstHelper.exe
C:\Users\John\AppData\Local\Temp\mccspuninstall.exe
C:\Users\John\AppData\Local\Temp\octF3F6.tmp.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll
C:\Users\John\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 09:57

==================== End of log ============================
--- --- ---


Addition.txt:
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by John at 2015-07-16 12:35:50
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3752888199-105568141-2537367680-500 - Administrator - Disabled)
Gast (S-1-5-21-3752888199-105568141-2537367680-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3752888199-105568141-2537367680-1003 - Limited - Enabled)
John (S-1-5-21-3752888199-105568141-2537367680-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{D328A547-552F-4B3D-AF00-6E1D2BE62702}) (Version: 13.0.0 - Helmut Buhler)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8107 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Acrylic Wi-Fi Free v2.3 (HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 2.3 - Tarlogic Security S.L.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5320 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESET NOD32 Antivirus (HKLM\...\{42EADD46-0E47-4325-A238-03C42FF9DE89}) (Version: 8.0.312.3 - ESET, spol s r. o.)
F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Acer Incorporated)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Mystery of Unicorn Castle: Meister der Bestien (HKLM-x32\...\Mystery of Unicorn Castle: Meister der Bestien) (Version: 0.0.0.0 - INTENIUM GmbH)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SoftPerfect WiFi Guard version 1.0.5 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.5 - SoftPerfect Research)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-06-2015 05:58:11 Geplanter Prüfpunkt
07-07-2015 19:12:49 Windows Update
13-07-2015 00:13:55 Installed 7-Zip 9.20 (x64 edition)
15-07-2015 12:31:24 Joe wird installiert

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073CCC7A-B3F6-420C-9B67-2372E6BE270C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {0F34121B-C761-43EC-98F5-D5305279FB31} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {1B52C9A3-4669-4E90-B1DD-B4B8737FB1E5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {21EF489F-856F-4F65-B443-1C7CD5242686} - System32\Tasks\Opera scheduled Autoupdate 1427132778 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {235BFBE3-5E01-44A9-88FA-18BD95B3D3ED} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {609B65E5-3830-4E3A-A53B-1A0797B1B19F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {93F26C3C-B1D2-4997-BF24-4B988D223447} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A5E892DA-09AF-4713-A128-6DE53A8B0DE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)
Task: {BEB5248C-2267-46A5-877A-7FE7043F5C72} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {CB559EB5-3FED-4BC3-94B5-65AA3E2A2B2F} - System32\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)
Task: {D01BEF1B-1C1D-4880-9FC5-38794A87441C} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {D7584FCF-FB65-46B3-B91B-B5656DE7F136} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-06] (Acer)
Task: {EEA56AB2-C205-49EE-ACBA-554E62FCF43E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {EEA57E45-B02A-4DBB-82ED-D6238CC8F2D7} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {F12E2B9A-B840-4058-8C50-B27A21D7DAD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebReg HP Deskjet F4200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-09 21:49 - 2012-04-24 12:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-01-09 22:06 - 2014-07-01 15:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-01-09 21:12 - 2015-01-09 21:12 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-12-24 03:22 - 2013-12-24 03:22 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-12-24 03:20 - 2013-12-24 03:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-12-24 03:26 - 2013-12-24 03:26 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-05-06 16:14 - 2015-05-06 16:14 - 00092928 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-05-06 16:14 - 2015-05-06 16:14 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-05-12 16:41 - 2015-05-12 16:41 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-05-06 10:08 - 2015-05-06 10:08 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-07-01 02:57 - 2014-07-01 02:57 - 00279296 _____ () C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00641792 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-16 01:46 - 2015-07-16 01:46 - 00043008 _____ () c:\users\john\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi2wvar.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-05-06 16:15 - 2015-05-06 16:15 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-01-09 21:34 - 2013-09-16 06:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\John\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3752888199-105568141-2537367680-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\galaxy_wallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AA0E3DE1-D54C-45FB-AB75-A5A400953BBB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D52141A7-3887-4899-9322-A8F4EA0DCB1C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A2452C04-0996-4E68-A32F-CF97856D20C0}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F4F1FE1E-E3F0-4341-BC9D-7EB3E8014EED}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AC204168-DA25-40AD-8D63-F6D6D1BE6F66}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3BA4F091-19CB-49ED-8763-EA8BDB600C83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AC37233C-9970-40D0-BD19-5FC97819B74A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{1BCC9FE7-DD5C-4D30-9D8A-9A84D3D8A84D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{90CD877F-C160-4F37-BBDA-B87EB3AB0E63}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{21321112-86C9-4BA7-8AB2-725138508806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{99FD495E-ABFB-4B58-BE6E-03BFC32F44B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{0F3A3305-592F-42B3-89C0-B6C3BB0710B5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E5C27EB9-FB62-4753-84DD-FC7C83E8C6B3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{876A7FF8-A92D-46F1-9D5C-62B16863099D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{BA672A5E-5C10-46BA-A26D-F60D569FD99C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{59ADD9E1-140F-47D4-9314-C269F37190CE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D6448B99-D7D0-48A3-9E8A-823DDCFCECAF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{1B181BE8-7CB3-4151-B790-EA9C9B0E4DAB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{9F03467A-9D4C-4024-B890-D7FAED4B19BE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6B4A21D4-92C8-43CA-B0B6-4859A9326F01}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F2D16619-F4AA-49FE-BE40-0A7164939F04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D2EBFB63-C50C-4645-BDA2-2B4AAF4AB5EE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A686CCA2-FF80-422E-B700-4857CD5B5270}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5CCBD8FF-E21B-421D-B08F-1563F5331A8B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C71654AA-B31A-4922-9346-56C18EFD6A29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CB7C8B2A-60CC-43B9-B2C9-6D08F1B74BD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C9AA1D06-3AC6-48D2-8FFC-C4E410CF513B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2DDE9509-41E7-4262-8D74-AAE368A04878}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{375D3CD8-F4AD-40C4-91AA-D5F08B6A1CDE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{F14ED2F8-C047-40D6-86CC-E4449200D151}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{DC5C5C55-0888-42D6-8667-88A37159CC9B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{C38C4447-B7DE-470F-9E8A-3F3A03E9972F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{75BD70D3-28D3-4FBB-8860-C0A4CD8854DA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{7FE99687-4DE9-4243-A825-1B3F86E7628B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{B4BB19E7-EBB5-4341-B7D3-DD473079F605}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1748E5AF-F313-478F-BB70-532D7CEC5EE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9577CB40-1B25-4662-A9FE-0BE5D396C214}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CF8F1951-6FF2-499E-9AC8-AE89750A4A37}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{BCB65C5F-04E8-441F-A35E-010C4EA898AB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{423B9FB5-5E35-4626-8BB7-C0053CB1855B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9964D51D-4898-4B2B-B6AC-0187BE22E470}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4E2D5CC7-79F0-4B80-AE49-99EEC460AEBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{25FFAD2B-92CE-4EBC-A8FB-4D758B616713}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{415315B5-5FC6-420E-9FAA-50B0A08F510B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A71D3DA0-9978-483E-882D-3CEFEABF2553}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{86BBF5B1-50ED-4219-AAFA-627F4307D2F9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{321B468B-48C2-441A-A529-C53FE75997D8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{94A9E4AF-EF08-4DA4-8145-DAD41DCDB1AD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{04537518-6901-4D96-8E88-7FD104FE0BD1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5EE14985-3D3E-44F7-A052-74A63FD59E56}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CFF81E70-B6AF-4DEB-84B5-3C511468D7ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{542581D9-EEE9-493D-A3F2-38A58B56EA89}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{701F989E-8EBA-4D81-9E08-5CC558622933}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{82201CB2-486D-4CB2-B1FC-C19DB9BECDAC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{82C49386-5C5B-4D1E-93A8-1B6DC937FA2C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6AE0ECC2-E0C4-4F18-8E2C-6415E714AF07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{326F7971-9773-4F43-8128-7EBE0A5AC08F}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E521A650-2F0A-4F0B-BB17-85CDD4A0F661}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1F8AC210-1497-479B-A917-5FEDED50E050}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{23354467-E8E6-49FF-82C4-45EE34047C63}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{16A518A4-6885-45C4-BDB1-0AA9EE2182E2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{26E9BCBD-D163-4D9D-8EFB-D9AE914928D8}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{BDEAB55C-C95F-46E1-9214-811261A283FC}D:\xxx_backupc_sys\programme\webferret\webferret.exe] => (Allow) D:\xxx_backupc_sys\programme\webferret\webferret.exe
FirewallRules: [UDP Query User{148EFFCA-95CF-4639-A763-8C12DD4B371D}D:\xxx_backupc_sys\programme\webferret\webferret.exe] => (Allow) D:\xxx_backupc_sys\programme\webferret\webferret.exe
FirewallRules: [TCP Query User{126A03EA-9846-4858-AA27-46AD92A942DA}G:\programme\programme\chat\cchat.exe] => (Allow) G:\programme\programme\chat\cchat.exe
FirewallRules: [UDP Query User{CE597BF5-9D26-4E69-9AB8-B0F5D2E38454}G:\programme\programme\chat\cchat.exe] => (Allow) G:\programme\programme\chat\cchat.exe
FirewallRules: [{5D04EE03-E741-47E1-AADE-5B30C0480A69}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{931624AF-CA25-4DAF-B7FD-571FEEC3272D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BC41AF45-3AFB-4102-AFB6-2B4EC6E6E2F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EBA621A6-737C-425A-B157-2969CD3BEF25}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F4EBE2BB-2B3F-4B38-8413-C85A4BBE8001}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9E9A1771-502B-4563-8BDF-311BC9FB818E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0194421E-8D89-4E7A-9B1E-C3CF5D4FE4FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{51764262-2C03-423B-8C3B-02B180C33553}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6893BD6D-6308-4EE1-9E25-B6F840FE7AC7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{5BFD3B45-D4B8-428C-B491-595D9B3BA757}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{596EBE3C-33C4-42CA-8DD4-36435382A737}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{77F3A796-F62F-4FFA-9B7C-A81781975848}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{20C3E1A5-5482-425D-B6BE-1236B63C38C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7B2243B7-8F4E-4FF8-9D16-73F33E548160}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{4A66BED2-EB4D-4507-AD80-8F40A3A30845}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{2B1C4AE5-5A15-4F50-AF42-251BE5EA0AF2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 08:59:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.7, Zeitstempel: 0x5549779c
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011891
ID des fehlerhaften Prozesses: 0x230
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (07/15/2015 01:15:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7b4

Startzeit: 01d0b8d6238e33f1

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 873993cf-2ae2-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/15/2015 01:01:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DISKSTAT.EXE, Version 1.13.0.90 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1938

Startzeit: 01d0beed77178358

Endzeit: 4294967295

Anwendungspfad: G:\DISKSTAT\DISKSTAT.EXE

Berichts-ID: e1c2b232-2ae0-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/13/2015 03:51:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1cd4

Startzeit: 01d0bd72ec2d73e7

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: 4a422f06-2966-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/13/2015 02:49:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1160

Startzeit: 01d0bd69f3eb2463

Endzeit: 8

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: 85ad90c8-295d-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/13/2015 12:05:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ef0

Startzeit: 01d0bcee539b8fd9

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: 1a02e11f-28e2-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/12/2015 11:57:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c08

Startzeit: 01d0bced64ad86ff

Endzeit: 17

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: e7c10fdc-28e0-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/11/2015 11:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.3.9600.17667, Zeitstempel: 0x54c2ece8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x10868bd0
ID des fehlerhaften Prozesses: 0x378
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (07/08/2015 02:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PortChanger.exe, Version: 0.0.0.0, Zeitstempel: 0x50123cc9
Name des fehlerhaften Moduls: PortChanger.exe, Version: 0.0.0.0, Zeitstempel: 0x50123cc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000004be7
ID des fehlerhaften Prozesses: 0x1bf4
Startzeit der fehlerhaften Anwendung: 0xPortChanger.exe0
Pfad der fehlerhaften Anwendung: PortChanger.exe1
Pfad des fehlerhaften Moduls: PortChanger.exe2
Berichtskennung: PortChanger.exe3
Vollständiger Name des fehlerhaften Pakets: PortChanger.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PortChanger.exe5

Error: (07/07/2015 07:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.7, Zeitstempel: 0x5549779c
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011891
ID des fehlerhaften Prozesses: 0xa8c
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5


System errors:
=============
Error: (07/16/2015 01:44:50 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: H:\Device\HarddiskVolume83

Error: (07/15/2015 12:37:00 PM) (Source: DCOM) (EventID: 10000) (User: HOMEOFFICE)
Description: "C:\Users\John\AppData\Local\Temp\is-TOD13.tmp\nsissetup.exe"  -- "C:\Users\John\Downloads\joe-setup_CB-DL-Manager.exe" 168c 0000035C 00000360 {D5156EE2-A859-4447-9368-E419E566A43C} -Embedding5{D5156EE2-A859-4447-9368-E419E566A43C}

Error: (07/15/2015 12:36:47 PM) (Source: DCOM) (EventID: 10000) (User: HOMEOFFICE)
Description: "C:\Users\John\AppData\Local\Temp\is-OG7O2.tmp\nsissetup.exe"  -- "C:\Users\John\Downloads\joe-setup_CB-DL-Manager.exe" 19e8 00000360 00000364 {1E8CE4D1-DD18-48A5-AF0C-FF5FC9B1BBEC} -Embedding5{1E8CE4D1-DD18-48A5-AF0C-FF5FC9B1BBEC}

Error: (07/08/2015 02:25:32 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: H:\Device\HarddiskVolume153

Error: (07/07/2015 06:56:53 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: H:\Device\HarddiskVolume93

Error: (06/13/2015 07:41:35 AM) (Source: DCOM) (EventID: 10010) (User: HOMEOFFICE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2015 07:41:35 AM) (Source: DCOM) (EventID: 10010) (User: HOMEOFFICE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2015 07:41:35 AM) (Source: DCOM) (EventID: 10010) (User: HOMEOFFICE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2015 07:41:35 AM) (Source: DCOM) (EventID: 10010) (User: HOMEOFFICE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2015 07:41:35 AM) (Source: DCOM) (EventID: 10010) (User: HOMEOFFICE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office:
=========================
Error: (07/16/2015 08:59:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.75549779cMSVCR100.dll10.0.40219.3254df2be1ec00000050001189123001d0bf5872803e2dC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll412469e5-2b88-11e5-826c-acb57d188881

Error: (07/15/2015 01:15:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.176677b401d0b8d6238e33f10C:\Windows\Explorer.EXE873993cf-2ae2-11e5-826b-acb57d188881

Error: (07/15/2015 01:01:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DISKSTAT.EXE1.13.0.90193801d0beed771783584294967295G:\DISKSTAT\DISKSTAT.EXEe1c2b232-2ae0-11e5-826b-acb57d188881

Error: (07/13/2015 03:51:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.3331cd401d0bd72ec2d73e710C:\Program Files (x86)\ratDVD\XEBEncoder.exe4a422f06-2966-11e5-826b-acb57d188881

Error: (07/13/2015 02:49:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.333116001d0bd69f3eb24638C:\Program Files (x86)\ratDVD\XEBEncoder.exe85ad90c8-295d-11e5-826b-acb57d188881

Error: (07/13/2015 12:05:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.333ef001d0bcee539b8fd913C:\Program Files (x86)\ratDVD\XEBEncoder.exe1a02e11f-28e2-11e5-826b-acb57d188881

Error: (07/12/2015 11:57:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.3331c0801d0bced64ad86ff17C:\Program Files (x86)\ratDVD\XEBEncoder.exee7c10fdc-28e0-11e5-826b-acb57d188881

Error: (07/11/2015 11:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c2ece8unknown0.0.0.000000000c000000510868bd037801d0bc244230f3bcC:\Windows\SysWOW64\explorer.exeunknown8625ecb9-2817-11e5-826b-acb57d188881

Error: (07/08/2015 02:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PortChanger.exe0.0.0.050123cc9PortChanger.exe0.0.0.050123cc9c00000050000000000004be71bf401d0b97975df78f0C:\Windows\system32\PortChanger.exeC:\Windows\system32\PortChanger.exec17605d9-256c-11e5-826b-acb57d188881

Error: (07/07/2015 07:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.75549779cMSVCR100.dll10.0.40219.3254df2be1ec000000500011891a8c01d0b8d62fcad44bC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll22ce3f0e-24d1-11e5-826b-acb57d188881


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3240 @ 3.10GHz
Percentage of memory in use: 19%
Total physical RAM: 8001.52 MB
Available physical RAM: 6414.77 MB
Total Virtual: 9281.52 MB
Available Virtual: 7001.41 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456 GB) (Free:411.63 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.51 GB) (Free:251.41 GB) NTFS
Drive g: (2013Archiv) (Fixed) (Total:97.66 GB) (Free:29.68 GB) NTFS
Drive h: (2013Dokumente) (Fixed) (Total:97.66 GB) (Free:43.97 GB) NTFS
Drive i: (2013Musik) (Fixed) (Total:195.31 GB) (Free:101.19 GB) NTFS
Drive j: (2013Bilder) (Fixed) (Total:488.28 GB) (Free:73.42 GB) NTFS
Drive k: (2013Multi) (Fixed) (Total:97.66 GB) (Free:17.06 GB) NTFS
Drive l: (2013Backup) (Fixed) (Total:1817.95 GB) (Free:297.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA4580F)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of log ============================
--- --- ---

cosinus 16.07.2015 11:53
Nach einem typischen Junkware-Fall sieht das hier nicht aus, aber mach mal:

Adware/Junkware/Toolbars entfernen

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


wegasoft 16.07.2015 12:25
So, fertig.

Hier die Logs:

MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.07.2015
Suchlauf-Zeit: 12:58:07
Logdatei: MBAMLog.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.07.16.02
Rootkit Datenbank: v2015.07.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: John

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 348140
Verstrichene Zeit: 7 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 8.1 x64
Ran by John on 16.07.2015 at 13:14:45,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\aunn7f75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\aunn7f75.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.07.2015 at 13:17:04,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ADW:
Code:
# AdwCleaner v4.208 - Bericht erstellt 16/07/2015 um 13:10:25
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : John - HOMEOFFICE
# Gestarted von : C:\Users\John\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage
Datei Gelöscht : C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 de)


-\\ Opera v30.0.1835.125


*************************

AdwCleaner[R0].txt - [2878 Bytes] - [15/04/2015 22:14:14]
AdwCleaner[R1].txt - [1293 Bytes] - [16/07/2015 13:09:53]
AdwCleaner[S0].txt - [2761 Bytes] - [15/04/2015 22:16:15]
AdwCleaner[S1].txt - [1213 Bytes] - [16/07/2015 13:10:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1272  Bytes] ##########
und FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by John (administrator) on HOMEOFFICE on 16-07-2015 13:18:12
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-21] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-06] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Atheros Communications)
HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\Run: [Dropbox Update] => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3752888199-105568141-2537367680-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-07-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar88.lnk [2015-07-16]
ShortcutTarget: Sidebar88.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3752888199-105568141-2537367680-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3752888199-105568141-2537367680-1001 -> {7E47F340-1B64-42AF-A9DD-A621EE34266D} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{73319C2E-039F-466C-AA0A-A00A1DF1EB37}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default
FF Homepage: https://www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: YouTube Unblocker - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\youtubeunblocker@unblocker.yt [2015-03-24]
FF Extension: DownThemAll! AntiContainer - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\anticontainer@downthemall.net.xpi [2015-03-24]
FF Extension: Lightbeam - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-05-09]
FF Extension: FlashGot - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-11]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-06-11]
FF Extension: DownThemAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aunn7f75.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-06] (Acer Incorporated)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4282904 2015-05-11] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-07-13] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [159480 2015-03-10] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 13:17 - 2015-07-16 13:17 - 00000879 _____ C:\Users\John\Desktop\JRT.txt
2015-07-16 13:14 - 2015-07-16 13:14 - 01797576 _____ (Malwarebytes Corporation) C:\Users\John\Downloads\JRT.exe
2015-07-16 13:09 - 2015-07-16 13:09 - 02248704 _____ C:\Users\John\Downloads\AdwCleaner_4.208.exe
2015-07-16 12:57 - 2015-07-16 13:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 12:57 - 2015-07-16 13:07 - 00000000 ____D C:\Malwarebytes Anti-Malware
2015-07-16 12:57 - 2015-07-16 12:57 - 00000713 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 12:57 - 2015-07-16 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 12:57 - 2015-07-16 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 12:57 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-16 12:57 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 12:57 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-16 12:56 - 2015-07-16 12:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-16 12:35 - 2015-07-16 13:18 - 00013860 _____ C:\Users\John\Downloads\FRST.txt
2015-07-16 12:35 - 2015-07-16 13:18 - 00000000 ____D C:\FRST
2015-07-16 12:35 - 2015-07-16 12:36 - 00046047 _____ C:\Users\John\Downloads\Addition.txt
2015-07-16 12:34 - 2015-07-16 12:34 - 02133504 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-07-15 12:41 - 2015-07-15 12:41 - 00000000 ____D C:\Users\John\AppData\Local\Tools&More
2015-07-15 12:41 - 2015-07-15 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
2015-07-15 12:41 - 2015-07-15 12:41 - 00000000 ____D C:\Program Files (x86)\Tools&More
2015-07-15 12:40 - 2015-07-15 12:40 - 02771643 _____ C:\Users\John\Downloads\joe-4setup.exe
2015-07-15 12:31 - 2015-07-15 12:41 - 00000000 ____D C:\Windows\Downloaded Installations
2015-07-15 11:11 - 2015-07-15 11:12 - 04452903 _____ C:\Users\John\Downloads\Ruthe.de - Das Klo.3gp
2015-07-15 11:10 - 2015-07-15 11:10 - 11113370 _____ C:\Users\John\Downloads\Ruthe.de - Das Klo.mp4
2015-07-15 07:53 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 07:53 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 07:53 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 07:53 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 07:53 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 07:53 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 07:53 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 07:53 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 07:53 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 07:53 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 07:53 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 07:53 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 07:53 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 07:53 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 07:53 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 07:53 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 07:53 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 07:53 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 07:53 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 07:53 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 07:53 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 07:53 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 07:53 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 07:53 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 07:53 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 07:53 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 07:53 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 07:53 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 07:53 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 07:53 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 07:53 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 07:53 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 07:53 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 07:51 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 07:51 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 07:51 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 07:51 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 07:51 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 07:51 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 07:51 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 07:51 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 07:51 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 07:51 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 07:51 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 07:51 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 07:51 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 07:51 - 2015-07-03 15:52 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 07:51 - 2015-07-03 15:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 07:51 - 2015-07-03 15:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 07:51 - 2015-07-03 15:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 07:51 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 07:51 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 07:51 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 07:51 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 07:51 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 07:51 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 07:51 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 07:51 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 07:51 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 07:51 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 07:51 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 07:51 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 07:51 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 07:51 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 07:51 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 07:51 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 07:51 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 07:51 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 07:51 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 07:51 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 07:51 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 07:51 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 07:51 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 07:51 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 07:51 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 07:51 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 07:51 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 07:51 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 07:51 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 07:51 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 07:51 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 07:51 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 07:51 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 07:51 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 07:51 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 07:51 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 07:51 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 07:51 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 07:51 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 07:51 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 07:51 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 07:51 - 2015-05-11 20:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 07:51 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 07:51 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 07:51 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 07:51 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 07:51 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 07:51 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 07:51 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 07:51 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 07:51 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 07:51 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 07:51 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 07:51 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 07:51 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 07:46 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 07:46 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 07:46 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 07:46 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 07:46 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 07:46 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 07:46 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 07:46 - 2015-04-28 15:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 07:46 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 07:46 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-15 07:45 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 07:45 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 07:45 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 07:45 - 2015-05-02 01:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 10:30 - 2015-07-14 10:30 - 02527096 _____ C:\Users\John\Downloads\media_w945407693_1.ts
2015-07-14 10:29 - 2015-07-14 10:29 - 03036012 _____ C:\Users\John\Downloads\media_w1037358837_21.ts
2015-07-14 10:16 - 2015-07-14 10:17 - 02751380 _____ C:\Users\John\Downloads\media_w1037358837_8.ts
2015-07-13 15:00 - 2015-07-13 15:00 - 00000000 ____D C:\FFOutput
2015-07-13 00:45 - 2015-07-13 00:46 - 00000000 ____D C:\Users\John\AppData\Roaming\DAEMON Tools Lite
2015-07-13 00:45 - 2015-07-13 00:46 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-13 00:14 - 2015-07-13 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-07-13 00:14 - 2015-07-13 00:14 - 00000000 ____D C:\Program Files\7-Zip
2015-07-13 00:13 - 2015-07-13 00:13 - 01376768 _____ C:\Users\John\Downloads\7z920-x64.msi
2015-07-12 23:54 - 2015-07-12 23:54 - 00000000 ____D C:\Users\John\AppData\Local\ratDVD
2015-07-12 23:53 - 2015-07-12 23:53 - 04730740 _____ (ratDVD) C:\Users\John\Downloads\ratDVDSetup-0.78.1444.exe
2015-07-12 19:42 - 2015-07-12 19:55 - 380572925 _____ C:\Users\John\Downloads\COSDAY 2015(1).mp4
2015-07-12 19:38 - 2015-07-12 19:39 - 361850213 _____ C:\Users\John\Downloads\Der Lee - CosDay 2015 _ Nordwest Zentrum Frankfurt.mp4
2015-07-12 01:05 - 2015-07-12 01:06 - 504383058 _____ C:\Users\John\Downloads\Just For Laugh 2015 - Full Episodes April 2015.mp4
2015-07-12 00:03 - 2015-07-12 00:04 - 50407543 _____ C:\Users\John\Downloads\DWO - Doctor Who Cast _ Crew '500 Miles'.mp4
2015-07-09 20:47 - 2015-07-09 20:47 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 14:52 - 2015-07-08 14:52 - 00000000 ____D C:\Users\John\Documents\Eigene Scans
2015-07-08 14:48 - 2015-07-08 14:48 - 00000000 ____D C:\Users\John\AppData\Local\HP
2015-07-08 14:47 - 2015-07-08 14:47 - 00000292 _____ C:\Windows\Tasks\WebReg HP Deskjet F4200 series.job
2015-07-08 14:46 - 2015-07-08 14:48 - 00000000 ____D C:\Users\John\AppData\Roaming\HP
2015-07-08 14:46 - 2015-07-08 14:46 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-07-08 14:46 - 2015-07-08 14:46 - 00000000 ____D C:\Users\John\AppData\Roaming\HpUpdate
2015-07-08 14:46 - 2015-07-08 14:46 - 00000000 ____D C:\ProgramData\WEBREG
2015-07-08 14:45 - 2015-07-08 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-07-08 14:45 - 2015-07-08 14:45 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-07-08 14:45 - 2015-07-08 14:45 - 00001335 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
2015-07-08 14:45 - 2015-07-08 14:45 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-07-08 14:44 - 2015-07-08 14:46 - 00000000 ____D C:\Program Files (x86)\HP
2015-07-08 14:43 - 2015-07-08 14:46 - 00204268 _____ C:\Windows\hpoins28.dat
2015-07-08 14:43 - 2015-07-08 14:46 - 00000823 _____ C:\ProgramData\hpzinstall.log
2015-07-08 14:43 - 2012-09-26 17:48 - 00000584 ____N C:\Windows\hpomdl28.dat
2015-07-08 14:42 - 2015-07-08 14:47 - 00000000 ____D C:\ProgramData\HP
2015-07-08 14:42 - 2009-07-08 12:51 - 00938496 _____ (Hewlett-Packard) C:\Windows\system32\hpowiax7.dll
2015-07-08 14:42 - 2009-07-08 12:51 - 00740864 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl6.dll
2015-07-08 14:42 - 2009-07-08 12:51 - 00551424 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2015-07-08 14:42 - 2009-07-08 12:51 - 00505344 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst15.dll
2015-07-08 14:41 - 2015-07-08 14:42 - 188204936 _____ C:\Users\John\Downloads\DJ_AIO_03_F4200_NonNet_Full_WW_140_404-4.exe
2015-07-08 14:39 - 2015-07-08 14:39 - 03748672 _____ (Oleg N. Scherbakov) C:\Users\John\Downloads\HPSupportSolutionsFramework-12.0.26.exe
2015-07-08 14:39 - 2015-07-08 14:39 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-07-08 14:27 - 2015-07-08 14:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-07-08 11:16 - 2015-07-08 11:16 - 00000380 _____ C:\Users\John\Documents\wifiguard.txt
2015-07-08 11:13 - 2015-07-08 11:13 - 01923360 _____ (SoftPerfect Research ) C:\Users\John\Downloads\wifiguard_windows_setup.exe
2015-07-08 11:13 - 2015-07-08 11:13 - 00000931 _____ C:\Users\Public\Desktop\SoftPerfect WiFi Guard.lnk
2015-07-08 11:13 - 2015-07-08 11:13 - 00000000 ____D C:\Users\John\AppData\Local\WiFi Guard
2015-07-08 11:13 - 2015-07-08 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
2015-07-08 11:13 - 2015-07-08 11:13 - 00000000 ____D C:\Program Files\SoftPerfect WiFi Guard
2015-07-08 10:54 - 2015-07-08 11:02 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Free
2015-07-08 10:54 - 2015-07-08 10:54 - 00000891 _____ C:\Users\John\Desktop\Acrylic Wi-Fi Free.lnk
2015-07-08 10:54 - 2015-07-08 10:54 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Free
2015-07-08 10:54 - 2015-07-08 10:54 - 00000000 ____D C:\Users\John\AppData\Roaming\Acrylic Wi-Fi Free
2015-07-08 10:53 - 2015-07-08 10:53 - 06071728 _____ (Tarlogic Security S.L. ) C:\Users\John\Downloads\Acrylic_WiFi_Free_v2.3.5652.32360-Setup.exe
2015-07-08 10:47 - 2015-07-08 10:47 - 00000000 __SHD C:\Users\John\AppData\Local\icsxml
2015-07-08 10:46 - 2015-07-08 10:46 - 00000038 ___SH C:\Users\John\AppData\Local\69ff07055291669bb2b218.72821112
2015-07-08 10:46 - 2015-07-08 10:46 - 00000000 ____D C:\Users\John\AppData\Local\MetaGeek,_LLC
2015-07-08 10:45 - 2015-07-08 10:45 - 05664768 _____ C:\Users\John\Downloads\inSSIDer42012-installer.msi
2015-07-08 10:36 - 2015-07-08 10:36 - 00012800 ___SH C:\Users\John\Documents\Thumbs.db
2015-07-08 10:35 - 2015-07-08 10:35 - 00016481 _____ C:\Users\John\Documents\ACER WIFI.odt
2015-07-08 05:03 - 2015-07-08 05:03 - 00326954 _____ C:\Users\John\Downloads\User Manual_Acer_1.0_A_A.zip
2015-07-08 04:18 - 2015-07-16 01:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-20 15:41 - 2015-07-16 12:46 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA.job
2015-06-20 15:41 - 2015-07-15 15:46 - 00001190 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core.job
2015-06-20 15:41 - 2015-06-20 15:41 - 00004186 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA
2015-06-20 15:41 - 2015-06-20 15:41 - 00003806 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core
2015-06-20 15:41 - 2015-06-20 15:41 - 00000000 ____D C:\Users\John\AppData\Local\Dropbox
2015-06-20 15:41 - 2015-06-20 15:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-18 01:27 - 2015-06-18 01:27 - 11828657 _____ C:\Users\John\Downloads\Cats vs. Socks.mp4
2015-06-18 01:21 - 2015-06-18 01:21 - 09470778 _____ C:\Users\John\Downloads\How To Make a Handmade Book.mp4
2015-06-18 00:07 - 2015-06-18 00:07 - 61855696 _____ C:\Users\John\Downloads\Rhapsody of Fire - Christopher Lee - Magic of Wizard's Dream Battlespace version.mp4
2015-06-17 16:43 - 2015-06-17 16:56 - 00000000 ____D C:\Wer
2015-06-17 15:39 - 2015-06-17 15:39 - 00069627 _____ C:\Users\John\Downloads\greifswaler-deutsche-schrift.zip
2015-06-17 15:39 - 2015-06-17 15:39 - 00000000 ____D C:\Users\John\Downloads\greifswaler-deutsche-schrift

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 13:17 - 2015-04-15 22:14 - 00000000 ____D C:\AdwCleaner
2015-07-16 13:17 - 2015-03-23 16:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3752888199-105568141-2537367680-1001
2015-07-16 13:17 - 2015-01-07 08:48 - 00764340 _____ C:\Windows\system32\perfh007.dat
2015-07-16 13:17 - 2015-01-07 08:48 - 00159160 _____ C:\Windows\system32\perfc007.dat
2015-07-16 13:17 - 2014-03-18 12:03 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 13:13 - 2015-04-11 11:22 - 00000000 ___DO C:\Users\John\OneDrive
2015-07-16 13:13 - 2015-03-23 17:24 - 00000000 ____D C:\Users\John\AppData\Roaming\Dropbox
2015-07-16 13:12 - 2015-03-25 14:25 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb.job
2015-07-16 13:12 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 13:11 - 2015-01-09 21:19 - 01245106 _____ C:\Windows\WindowsUpdate.log
2015-07-16 13:11 - 2014-03-18 11:54 - 00016952 _____ C:\Windows\PFRO.log
2015-07-16 13:11 - 2013-08-22 16:46 - 00033807 _____ C:\Windows\setupact.log
2015-07-16 13:11 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-16 13:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-16 12:29 - 2015-05-17 08:19 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 09:00 - 2015-03-23 16:22 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-07-16 05:15 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-16 05:09 - 2015-03-23 17:36 - 00000000 ____D C:\Users\John\AppData\Roaming\UseNeXT
2015-07-16 02:00 - 2015-03-23 18:44 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2015-07-16 01:44 - 2013-08-22 16:44 - 00377408 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 01:43 - 2015-03-23 16:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-16 01:42 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-16 01:42 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2015-07-15 23:24 - 2015-05-17 08:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 23:24 - 2015-03-25 14:25 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb
2015-07-15 20:56 - 2015-04-12 19:17 - 00754176 ___SH C:\Users\John\Downloads\Thumbs.db
2015-07-15 12:43 - 2015-03-24 00:38 - 00000000 ____D C:\Users\John\Desktop\System
2015-07-15 11:17 - 2015-03-23 18:22 - 00000000 ____D C:\Users\John\AppData\Roaming\MyPhoneExplorer
2015-07-15 10:04 - 2015-04-11 14:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 10:04 - 2015-04-11 14:12 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 10:03 - 2015-03-25 11:16 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 19:03 - 2015-03-23 19:46 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1427132778
2015-07-14 19:03 - 2015-03-23 19:46 - 00001027 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-14 19:03 - 2015-03-23 19:46 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-14 10:19 - 2015-03-23 19:54 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-13 09:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-13 00:45 - 2015-04-11 00:10 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-07-13 00:19 - 2015-05-14 21:05 - 00000000 ____D C:\Users\John\AppData\Roaming\dvdcss
2015-07-08 18:41 - 2015-04-13 19:17 - 00000000 ____D C:\Users\John\dwhelper
2015-07-08 14:46 - 2013-08-22 15:25 - 00000159 _____ C:\Windows\win.ini
2015-07-08 04:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-06 23:24 - 2014-07-14 17:36 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2014-07-14 17:36 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 08:43 - 2015-03-25 11:16 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-18 23:56 - 2015-03-23 16:52 - 00000000 ____D C:\Users\John\AppData\Local\Sidebar7

==================== Files in the root of some directories =======

2015-07-08 10:46 - 2015-07-08 10:46 - 0000038 ___SH () C:\Users\John\AppData\Local\69ff07055291669bb2b218.72821112
2015-03-27 14:08 - 2015-03-27 14:08 - 0007601 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-01-09 21:36 - 2015-01-09 21:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-08 14:43 - 2015-07-08 14:46 - 0000823 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzgd7lg.dll
C:\Users\John\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\John\AppData\Local\Temp\InstHelper.exe
C:\Users\John\AppData\Local\Temp\mccspuninstall.exe
C:\Users\John\AppData\Local\Temp\octF3F6.tmp.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll
C:\Users\John\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-15 09:57

==================== End of log ============================
--- --- ---


und Addition
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by John at 2015-07-16 13:18:48
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3752888199-105568141-2537367680-500 - Administrator - Disabled)
Gast (S-1-5-21-3752888199-105568141-2537367680-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3752888199-105568141-2537367680-1003 - Limited - Enabled)
John (S-1-5-21-3752888199-105568141-2537367680-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{D328A547-552F-4B3D-AF00-6E1D2BE62702}) (Version: 13.0.0 - Helmut Buhler)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8107 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Acrylic Wi-Fi Free v2.3 (HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 2.3 - Tarlogic Security S.L.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5320 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-3752888199-105568141-2537367680-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ESET NOD32 Antivirus (HKLM\...\{42EADD46-0E47-4325-A238-03C42FF9DE89}) (Version: 8.0.312.3 - ESET, spol s r. o.)
F4200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Foxit PhantomPDF (HKLM-x32\...\{F74C595C-BEF2-4AF9-9C4E-68F3CD509C4D}) (Version: 6.0.120.609 - Foxit Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Acer Incorporated)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{78545512-1F84-4357-8A9A-D94D9C3CE4FA}) (Version: 12.0.26.54 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Mystery of Unicorn Castle: Meister der Bestien (HKLM-x32\...\Mystery of Unicorn Castle: Meister der Bestien) (Version: 0.0.0.0 - INTENIUM GmbH)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SoftPerfect WiFi Guard version 1.0.5 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.5 - SoftPerfect Research)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3752888199-105568141-2537367680-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-06-2015 05:58:11 Geplanter Prüfpunkt
07-07-2015 19:12:49 Windows Update
13-07-2015 00:13:55 Installed 7-Zip 9.20 (x64 edition)
15-07-2015 12:31:24 Joe wird installiert
16-07-2015 13:14:50 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073CCC7A-B3F6-420C-9B67-2372E6BE270C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {0F34121B-C761-43EC-98F5-D5305279FB31} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {1B52C9A3-4669-4E90-B1DD-B4B8737FB1E5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {21EF489F-856F-4F65-B443-1C7CD5242686} - System32\Tasks\Opera scheduled Autoupdate 1427132778 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {235BFBE3-5E01-44A9-88FA-18BD95B3D3ED} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {609B65E5-3830-4E3A-A53B-1A0797B1B19F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {93F26C3C-B1D2-4997-BF24-4B988D223447} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {A5E892DA-09AF-4713-A128-6DE53A8B0DE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)
Task: {BEB5248C-2267-46A5-877A-7FE7043F5C72} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {CB559EB5-3FED-4BC3-94B5-65AA3E2A2B2F} - System32\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)
Task: {D01BEF1B-1C1D-4880-9FC5-38794A87441C} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2014-03-03] (Acer Incorporated)
Task: {D7584FCF-FB65-46B3-B91B-B5656DE7F136} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-06] (Acer)
Task: {EEA56AB2-C205-49EE-ACBA-554E62FCF43E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {EEA57E45-B02A-4DBB-82ED-D6238CC8F2D7} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {F12E2B9A-B840-4058-8C50-B27A21D7DAD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001Core.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3752888199-105568141-2537367680-1001UA.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d066f6c097d4fb.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebReg HP Deskjet F4200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-09 21:34 - 2013-09-16 06:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\John\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3752888199-105568141-2537367680-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\galaxy_wallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AA0E3DE1-D54C-45FB-AB75-A5A400953BBB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D52141A7-3887-4899-9322-A8F4EA0DCB1C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A2452C04-0996-4E68-A32F-CF97856D20C0}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F4F1FE1E-E3F0-4341-BC9D-7EB3E8014EED}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AC204168-DA25-40AD-8D63-F6D6D1BE6F66}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{3BA4F091-19CB-49ED-8763-EA8BDB600C83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AC37233C-9970-40D0-BD19-5FC97819B74A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{1BCC9FE7-DD5C-4D30-9D8A-9A84D3D8A84D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{90CD877F-C160-4F37-BBDA-B87EB3AB0E63}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{21321112-86C9-4BA7-8AB2-725138508806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{99FD495E-ABFB-4B58-BE6E-03BFC32F44B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{0F3A3305-592F-42B3-89C0-B6C3BB0710B5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{E5C27EB9-FB62-4753-84DD-FC7C83E8C6B3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{876A7FF8-A92D-46F1-9D5C-62B16863099D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{BA672A5E-5C10-46BA-A26D-F60D569FD99C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{59ADD9E1-140F-47D4-9314-C269F37190CE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D6448B99-D7D0-48A3-9E8A-823DDCFCECAF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{1B181BE8-7CB3-4151-B790-EA9C9B0E4DAB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{9F03467A-9D4C-4024-B890-D7FAED4B19BE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6B4A21D4-92C8-43CA-B0B6-4859A9326F01}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F2D16619-F4AA-49FE-BE40-0A7164939F04}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D2EBFB63-C50C-4645-BDA2-2B4AAF4AB5EE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A686CCA2-FF80-422E-B700-4857CD5B5270}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5CCBD8FF-E21B-421D-B08F-1563F5331A8B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C71654AA-B31A-4922-9346-56C18EFD6A29}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CB7C8B2A-60CC-43B9-B2C9-6D08F1B74BD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C9AA1D06-3AC6-48D2-8FFC-C4E410CF513B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2DDE9509-41E7-4262-8D74-AAE368A04878}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{375D3CD8-F4AD-40C4-91AA-D5F08B6A1CDE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{F14ED2F8-C047-40D6-86CC-E4449200D151}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{DC5C5C55-0888-42D6-8667-88A37159CC9B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{C38C4447-B7DE-470F-9E8A-3F3A03E9972F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{75BD70D3-28D3-4FBB-8860-C0A4CD8854DA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{7FE99687-4DE9-4243-A825-1B3F86E7628B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{B4BB19E7-EBB5-4341-B7D3-DD473079F605}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1748E5AF-F313-478F-BB70-532D7CEC5EE1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9577CB40-1B25-4662-A9FE-0BE5D396C214}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CF8F1951-6FF2-499E-9AC8-AE89750A4A37}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{BCB65C5F-04E8-441F-A35E-010C4EA898AB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{423B9FB5-5E35-4626-8BB7-C0053CB1855B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{9964D51D-4898-4B2B-B6AC-0187BE22E470}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4E2D5CC7-79F0-4B80-AE49-99EEC460AEBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{25FFAD2B-92CE-4EBC-A8FB-4D758B616713}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{415315B5-5FC6-420E-9FAA-50B0A08F510B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A71D3DA0-9978-483E-882D-3CEFEABF2553}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{86BBF5B1-50ED-4219-AAFA-627F4307D2F9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{321B468B-48C2-441A-A529-C53FE75997D8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{94A9E4AF-EF08-4DA4-8145-DAD41DCDB1AD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{04537518-6901-4D96-8E88-7FD104FE0BD1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5EE14985-3D3E-44F7-A052-74A63FD59E56}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CFF81E70-B6AF-4DEB-84B5-3C511468D7ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{542581D9-EEE9-493D-A3F2-38A58B56EA89}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{701F989E-8EBA-4D81-9E08-5CC558622933}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{82201CB2-486D-4CB2-B1FC-C19DB9BECDAC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{82C49386-5C5B-4D1E-93A8-1B6DC937FA2C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6AE0ECC2-E0C4-4F18-8E2C-6415E714AF07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{326F7971-9773-4F43-8128-7EBE0A5AC08F}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E521A650-2F0A-4F0B-BB17-85CDD4A0F661}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{1F8AC210-1497-479B-A917-5FEDED50E050}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{23354467-E8E6-49FF-82C4-45EE34047C63}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{16A518A4-6885-45C4-BDB1-0AA9EE2182E2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{26E9BCBD-D163-4D9D-8EFB-D9AE914928D8}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{BDEAB55C-C95F-46E1-9214-811261A283FC}D:\xxx_backupc_sys\programme\webferret\webferret.exe] => (Allow) D:\xxx_backupc_sys\programme\webferret\webferret.exe
FirewallRules: [UDP Query User{148EFFCA-95CF-4639-A763-8C12DD4B371D}D:\xxx_backupc_sys\programme\webferret\webferret.exe] => (Allow) D:\xxx_backupc_sys\programme\webferret\webferret.exe
FirewallRules: [TCP Query User{126A03EA-9846-4858-AA27-46AD92A942DA}G:\programme\programme\chat\cchat.exe] => (Allow) G:\programme\programme\chat\cchat.exe
FirewallRules: [UDP Query User{CE597BF5-9D26-4E69-9AB8-B0F5D2E38454}G:\programme\programme\chat\cchat.exe] => (Allow) G:\programme\programme\chat\cchat.exe
FirewallRules: [{5D04EE03-E741-47E1-AADE-5B30C0480A69}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{931624AF-CA25-4DAF-B7FD-571FEEC3272D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BC41AF45-3AFB-4102-AFB6-2B4EC6E6E2F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EBA621A6-737C-425A-B157-2969CD3BEF25}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F4EBE2BB-2B3F-4B38-8413-C85A4BBE8001}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9E9A1771-502B-4563-8BDF-311BC9FB818E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0194421E-8D89-4E7A-9B1E-C3CF5D4FE4FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{51764262-2C03-423B-8C3B-02B180C33553}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{6893BD6D-6308-4EE1-9E25-B6F840FE7AC7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{5BFD3B45-D4B8-428C-B491-595D9B3BA757}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{596EBE3C-33C4-42CA-8DD4-36435382A737}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{77F3A796-F62F-4FFA-9B7C-A81781975848}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{20C3E1A5-5482-425D-B6BE-1236B63C38C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{7B2243B7-8F4E-4FF8-9D16-73F33E548160}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{4A66BED2-EB4D-4507-AD80-8F40A3A30845}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{2B1C4AE5-5A15-4F50-AF42-251BE5EA0AF2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 08:59:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.7, Zeitstempel: 0x5549779c
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011891
ID des fehlerhaften Prozesses: 0x230
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (07/15/2015 01:15:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7b4

Startzeit: 01d0b8d6238e33f1

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 873993cf-2ae2-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/15/2015 01:01:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DISKSTAT.EXE, Version 1.13.0.90 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1938

Startzeit: 01d0beed77178358

Endzeit: 4294967295

Anwendungspfad: G:\DISKSTAT\DISKSTAT.EXE

Berichts-ID: e1c2b232-2ae0-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/13/2015 03:51:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1cd4

Startzeit: 01d0bd72ec2d73e7

Endzeit: 10

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: 4a422f06-2966-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/13/2015 02:49:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1160

Startzeit: 01d0bd69f3eb2463

Endzeit: 8

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: 85ad90c8-295d-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/13/2015 12:05:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ef0

Startzeit: 01d0bcee539b8fd9

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: 1a02e11f-28e2-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/12/2015 11:57:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm XEBEncoder.exe, Version 0.7.8.333 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c08

Startzeit: 01d0bced64ad86ff

Endzeit: 17

Anwendungspfad: C:\Program Files (x86)\ratDVD\XEBEncoder.exe

Berichts-ID: e7c10fdc-28e0-11e5-826b-acb57d188881

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/11/2015 11:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.3.9600.17667, Zeitstempel: 0x54c2ece8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x10868bd0
ID des fehlerhaften Prozesses: 0x378
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (07/08/2015 02:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PortChanger.exe, Version: 0.0.0.0, Zeitstempel: 0x50123cc9
Name des fehlerhaften Moduls: PortChanger.exe, Version: 0.0.0.0, Zeitstempel: 0x50123cc9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000004be7
ID des fehlerhaften Prozesses: 0x1bf4
Startzeit der fehlerhaften Anwendung: 0xPortChanger.exe0
Pfad der fehlerhaften Anwendung: PortChanger.exe1
Pfad des fehlerhaften Moduls: PortChanger.exe2
Berichtskennung: PortChanger.exe3
Vollständiger Name des fehlerhaften Pakets: PortChanger.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PortChanger.exe5

Error: (07/07/2015 07:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.7, Zeitstempel: 0x5549779c
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011891
ID des fehlerhaften Prozesses: 0xa8c
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5


System errors:
=============
Error: (07/16/2015 01:17:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Modules Installer" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/16/2015 01:15:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 01:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 01:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Support Solutions Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 01:15:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 01:15:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 01:15:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 01:15:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/16/2015 01:15:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/16/2015 01:15:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CCDMonitorService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/16/2015 08:59:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.75549779cMSVCR100.dll10.0.40219.3254df2be1ec00000050001189123001d0bf5872803e2dC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll412469e5-2b88-11e5-826c-acb57d188881

Error: (07/15/2015 01:15:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.176677b401d0b8d6238e33f10C:\Windows\Explorer.EXE873993cf-2ae2-11e5-826b-acb57d188881

Error: (07/15/2015 01:01:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DISKSTAT.EXE1.13.0.90193801d0beed771783584294967295G:\DISKSTAT\DISKSTAT.EXEe1c2b232-2ae0-11e5-826b-acb57d188881

Error: (07/13/2015 03:51:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.3331cd401d0bd72ec2d73e710C:\Program Files (x86)\ratDVD\XEBEncoder.exe4a422f06-2966-11e5-826b-acb57d188881

Error: (07/13/2015 02:49:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.333116001d0bd69f3eb24638C:\Program Files (x86)\ratDVD\XEBEncoder.exe85ad90c8-295d-11e5-826b-acb57d188881

Error: (07/13/2015 12:05:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.333ef001d0bcee539b8fd913C:\Program Files (x86)\ratDVD\XEBEncoder.exe1a02e11f-28e2-11e5-826b-acb57d188881

Error: (07/12/2015 11:57:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: XEBEncoder.exe0.7.8.3331c0801d0bced64ad86ff17C:\Program Files (x86)\ratDVD\XEBEncoder.exee7c10fdc-28e0-11e5-826b-acb57d188881

Error: (07/11/2015 11:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c2ece8unknown0.0.0.000000000c000000510868bd037801d0bc244230f3bcC:\Windows\SysWOW64\explorer.exeunknown8625ecb9-2817-11e5-826b-acb57d188881

Error: (07/08/2015 02:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PortChanger.exe0.0.0.050123cc9PortChanger.exe0.0.0.050123cc9c00000050000000000004be71bf401d0b97975df78f0C:\Windows\system32\PortChanger.exeC:\Windows\system32\PortChanger.exec17605d9-256c-11e5-826b-acb57d188881

Error: (07/07/2015 07:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.75549779cMSVCR100.dll10.0.40219.3254df2be1ec000000500011891a8c01d0b8d62fcad44bC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll22ce3f0e-24d1-11e5-826b-acb57d188881


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3240 @ 3.10GHz
Percentage of memory in use: 18%
Total physical RAM: 8001.52 MB
Available physical RAM: 6554.91 MB
Total Virtual: 9281.52 MB
Available Virtual: 7834.95 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456 GB) (Free:411.67 GB) NTFS
Drive d: (DATA) (Fixed) (Total:456.51 GB) (Free:251.41 GB) NTFS
Drive g: (2013Archiv) (Fixed) (Total:97.66 GB) (Free:29.68 GB) NTFS
Drive h: (2013Dokumente) (Fixed) (Total:97.66 GB) (Free:43.97 GB) NTFS
Drive i: (2013Musik) (Fixed) (Total:195.31 GB) (Free:101.19 GB) NTFS
Drive j: (2013Bilder) (Fixed) (Total:488.28 GB) (Free:73.42 GB) NTFS
Drive k: (2013Multi) (Fixed) (Total:97.66 GB) (Free:17.06 GB) NTFS
Drive l: (2013Backup) (Fixed) (Total:1817.95 GB) (Free:297.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BA4580F)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of log ============================
--- --- ---

wegasoft 16.07.2015 13:57
Liste der Anhänge anzeigen (Anzahl: 1)
Jetzt kam eine neue Warnung.

Ausgerechnet von der Trojaner-Board-Seite....??!!

(Siehe Anhang)

cosinus 16.07.2015 14:01
Du hast deinen NOD32 zu scharf eingestellt...

Nicht jeder Furz eines Scanners ist wirklich eine Meldung wert oder prokolliert gar etwas hochriskantes.

wegasoft 16.07.2015 14:09
Hmm.
Er hat "deepryBKA" vor der Trojaner-Board-URL gestellt. Wo kommt das her?
Der "BKA"-Trojaner?
Hätte man den nicht bei den Scans finden können?

cosinus 16.07.2015 14:13
Zitat:
Er hat "deepryBKA" vor der Trojaner-Board-URL gestellt. Wo kommt das her?
Der "BKA"-Trojaner?
Nein :lach:

deeprybka ist unser Anleitungs-Guru => http://www.trojaner-board.de/member.php?u=88286

wegasoft 16.07.2015 14:16
Waaaaa?!?!?
:wtf:
*lach*

Ist ja ´n Ding....

Hat also nichts mit den anderen Meldungen zu tun, die ich Anfangs mitgeschickt hatte.

Ok, so weit, so gut (oder schlecht)

Die Scans sind ok?

Irgendwas gefunden?

cosinus 16.07.2015 14:18
Da war nur etwas Adware. Siehe Logs von adwCleaner und JRT.
Ich glaube dein NOD32 dreht am Rad, ist zu scharf eingestellt.
Hast du da zuviel dran selber gefummelt? :wtf:

wegasoft 16.07.2015 14:22
Liste der Anhänge anzeigen (Anzahl: 1)
Eigentlich nicht, sollten Standard sein.....

Das bedeutet aber nicht, dass ich diese Meldungen ignorieren kann/darf?

cosinus 16.07.2015 14:28
Wenn du da nicht selbst dran rumgefummelt hast, wäre als nächster Schritt ein Anfrage beim ESET-Support vllt sinnvoller...


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27