Malware file
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 06.02.2015
Suchlauf-Zeit: 22:34:55
Logdatei: logdatei_malwarebytes.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.06.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: jenni_000
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335797
Verstrichene Zeit: 8 Min, 3 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-65215496-3717533155-1263251077-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Löschen bei Neustart, [b789ad6e5d2d2214fe60e2acff0449b7],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 3
PUP.Optional.OpenCandy, C:\Users\jenni_000\AppData\Roaming\OpenCandy, In Quarantäne, [4000b16ad4b64fe7d99ff45959aa7c84],
PUP.Optional.OpenCandy, C:\Users\jenni_000\AppData\Roaming\OpenCandy\6AE210AC7C15484CB4BF396283580C29, In Quarantäne, [4000b16ad4b64fe7d99ff45959aa7c84],
PUP.Optional.OpenCandy, C:\Users\jenni_000\AppData\Roaming\OpenCandy\86B025EC23E3412DA1B5333FC655A2B6, In Quarantäne, [4000b16ad4b64fe7d99ff45959aa7c84],
Dateien: 4
PUP.Optional.Softonic, C:\$Recycle.Bin\S-1-5-21-65215496-3717533155-1263251077-1001\$RSVV8WK.exe, In Quarantäne, [d46c50cb3654b581d0ef9dbddf2109f7],
PUP.Optional.Softonic, C:\$Recycle.Bin\S-1-5-21-65215496-3717533155-1263251077-1001\$R0OL040.exe, In Quarantäne, [370935e693f76acc18a76bef18e81de3],
PUP.Optional.OpenCandy, C:\Users\jenni_000\AppData\Roaming\OpenCandy\6AE210AC7C15484CB4BF396283580C29\TuneUp2014SWI1day-de-DE-p4v1.exe, In Quarantäne, [4000b16ad4b64fe7d99ff45959aa7c84],
PUP.Optional.OpenCandy, C:\Users\jenni_000\AppData\Roaming\OpenCandy\86B025EC23E3412DA1B5333FC655A2B6\setup0116.exe, In Quarantäne, [4000b16ad4b64fe7d99ff45959aa7c84],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 22:48:15
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : jenni_000 - ARBEITS-PC
# Gestarted von : C:\Users\jenni_000\Desktop\AdwCleaner_4.110.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\JENNI_~1\AppData\Local\Temp\Positive Finds
Ordner Gelöscht : C:\Users\jenni_000\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\jenni_000\AppData\Roaming\WebExtend
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Users\jenni_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
Datei Gelöscht : C:\Users\jenni_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\PositiveFinds
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v35.0.1 (x86 de)
[8rfwbd3m.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
-\\ Google Chrome v40.0.2214.94
*************************
AdwCleaner[R0].txt - [2174 Bytes] - [06/02/2015 22:46:47]
AdwCleaner[S0].txt - [2003 Bytes] - [06/02/2015 22:48:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2062 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by jenni_000 on 06.02.2015 at 22:51:48,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F64988B-AA3D-11E4-8271-3065EC471F4C}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2015 at 22:54:41,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by jenni_000 (administrator) on ARBEITS-PC on 06-02-2015 22:56:00
Running from C:\Users\jenni_000\Desktop
Loaded Profiles: jenni_000 (Available profiles: jenni_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Dropbox, Inc.) C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Atheros Communications))
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-18] (Spotify Ltd)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\RunOnce: [Application Restart #1] => C:\Users\jenni_000\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable (the data entry has 557 more characters).
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\jenni_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\jenni_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-65215496-3717533155-1263251077-1001 -> {30714E6F-3E5A-4484-9518-DC627FFF61D4} URL =
SearchScopes: HKU\S-1-5-21-65215496-3717533155-1263251077-1001 -> {B4A75C53-223E-45C3-93BF-CC3B0B89C00C} URL = https://www.google.ch/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: www.google.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Extension: Avira Browser Safety - C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default\Extensions\abs@avira.com [2015-02-06]
FF Extension: Sites - C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default\Extensions\{121761af-0fa5-4896-a2a8-cfdbac4e4982} [2014-10-30]
FF Extension: Adblock Plus - C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]
Chrome:
=======
CHR HomePage: Default -> 9A2FDDA367A95399EFEB3F3BBB43C712A37461D46F69199FBF637A93ABE44EE5
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Google-Suche) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Avira Browser Safety) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Google Mail) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jhpokclhnekmjlhknfihmghoblfgfeog] - C:\Program Files (x86)\chip\Chrome\chip-1.4.21.crx [2014-11-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-04-28] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-04-28] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys [X]
S3 TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 22:56 - 2015-02-06 22:56 - 00022585 _____ () C:\Users\jenni_000\Desktop\FRST.txt
2015-02-06 22:54 - 2015-02-06 22:54 - 00000765 _____ () C:\Users\jenni_000\Desktop\JRT.txt
2015-02-06 22:50 - 2015-02-06 22:50 - 00001961 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-02-06 22:46 - 2015-02-06 22:48 - 00000000 ____D () C:\AdwCleaner
2015-02-06 22:41 - 2015-02-06 22:41 - 01388274 _____ (Thisisu) C:\Users\jenni_000\Desktop\JRT.exe
2015-02-06 22:40 - 2015-02-06 22:40 - 02112512 _____ () C:\Users\jenni_000\Desktop\AdwCleaner_4.110.exe
2015-02-06 22:34 - 2015-02-06 22:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 22:34 - 2015-02-06 22:34 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 22:34 - 2015-02-06 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 22:34 - 2015-02-06 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 22:34 - 2015-02-06 22:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 22:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 22:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 22:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 22:32 - 2015-02-06 22:33 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jenni_000\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-05 09:51 - 2015-02-06 22:56 - 00000000 ____D () C:\FRST
2015-02-05 09:51 - 2015-02-05 09:51 - 02131968 _____ (Farbar) C:\Users\jenni_000\Desktop\FRST64.exe
2015-02-05 09:37 - 2015-02-05 09:37 - 00050477 _____ () C:\Users\jenni_000\Desktop\Defogger.exe
2015-02-05 09:20 - 2015-02-05 09:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-05 09:02 - 2015-02-05 09:02 - 00000000 ____D () C:\rei
2015-02-01 19:27 - 2015-02-01 19:27 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\WildTangent
2015-01-31 11:07 - 2015-01-31 11:07 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 11:07 - 2015-01-31 11:07 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 11:07 - 2015-01-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 11:07 - 2015-01-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-31 08:21 - 2015-01-31 08:21 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-01-30 12:35 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150130-123518.backup
2015-01-30 11:49 - 2015-01-31 16:31 - 00000000 ____D () C:\Users\jenni_000\Desktop\mysound
2015-01-30 11:49 - 2015-01-30 11:55 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\TuneUp Software
2015-01-30 11:49 - 2015-01-30 11:50 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-30 11:49 - 2015-01-30 11:49 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-01-30 11:49 - 2015-01-30 11:49 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-30 11:49 - 2015-01-30 11:49 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\TuneUp Software
2015-01-30 11:49 - 2014-03-20 14:44 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-01-30 11:49 - 2014-03-20 14:44 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-01-30 11:49 - 2014-03-20 14:44 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2015-01-30 11:48 - 2015-01-30 11:48 - 00001023 _____ () C:\Users\Public\Desktop\ClipGrab.lnk
2015-01-30 11:48 - 2015-01-30 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2015-01-30 11:48 - 2015-01-30 11:48 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2015-01-28 11:11 - 2015-01-28 11:11 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-01-28 11:11 - 2015-01-28 11:11 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-01-16 20:58 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 20:58 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 20:58 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-16 20:58 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-16 20:58 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 20:58 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 20:58 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 20:58 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-16 20:58 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-16 20:58 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-16 20:58 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-16 20:58 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-16 20:58 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-16 20:58 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-16 20:58 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-16 20:58 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-16 20:58 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-16 20:58 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-16 20:58 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-16 20:58 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-16 20:58 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-16 20:58 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 20:58 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-16 20:58 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:35 - 2015-01-13 13:35 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-01-07 16:08 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150107-160815.backup
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 22:52 - 2014-10-16 15:16 - 00005160 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-jenni_000 Arbeits-PC
2015-02-06 22:52 - 2014-10-16 09:21 - 00000000 ___DO () C:\Users\jenni_000\OneDrive
2015-02-06 22:51 - 2014-10-16 11:56 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\CrashDumps
2015-02-06 22:50 - 2014-11-03 18:33 - 00000000 ___RD () C:\Users\jenni_000\Dropbox
2015-02-06 22:50 - 2014-11-03 18:30 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\Dropbox
2015-02-06 22:50 - 2014-10-16 09:21 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\clear.fi
2015-02-06 22:50 - 2014-10-16 09:13 - 01559550 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 22:50 - 2014-05-19 09:39 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-02-06 22:49 - 2014-11-06 14:00 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 22:48 - 2014-03-18 10:54 - 00170152 _____ () C:\Windows\PFRO.log
2015-02-06 22:48 - 2013-08-22 15:46 - 00027592 _____ () C:\Windows\setupact.log
2015-02-06 22:48 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 22:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-06 22:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-02-06 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-06 22:35 - 2014-10-16 09:24 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-65215496-3717533155-1263251077-1001
2015-02-06 22:32 - 2014-10-16 10:26 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8412CCF4-4BA1-49DB-A8DB-576387D8637D}
2015-02-06 22:32 - 2014-07-18 17:40 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-06 22:32 - 2014-07-18 17:40 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-06 22:32 - 2014-03-18 11:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 22:31 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-05 15:21 - 2014-11-02 11:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 15:10 - 2014-11-06 14:00 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 11:11 - 2014-10-21 09:32 - 00710144 ___SH () C:\Users\jenni_000\Desktop\Thumbs.db
2015-02-05 09:40 - 2014-10-16 09:18 - 00000000 ____D () C:\Users\jenni_000
2015-02-05 09:21 - 2014-11-02 11:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 16:37 - 2014-11-26 12:19 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\Skype
2015-02-01 19:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-01 19:36 - 2014-10-16 10:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 19:36 - 2014-10-16 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-01 19:36 - 2014-10-16 10:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-01 19:27 - 2014-05-19 09:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 19:27 - 2014-05-19 09:39 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-01 19:25 - 2014-10-16 09:18 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\Pokki
2015-01-31 11:52 - 2014-10-16 09:19 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\VirtualStore
2015-01-31 08:05 - 2014-10-16 09:24 - 00000000 _____ () C:\Windows\system32\newflow.dat
2015-01-29 14:14 - 2014-10-16 09:19 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\Packages
2015-01-28 12:12 - 2014-10-16 12:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-28 12:11 - 2014-10-16 12:15 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 11:11 - 2014-11-06 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-24 21:20 - 2014-10-16 13:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-10-16 13:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 21:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-13 10:37 - 2014-10-20 09:37 - 00000000 ____D () C:\Users\jenni_000\Desktop\Zhaw_5. Semester
2015-01-09 13:20 - 2014-05-19 09:39 - 00000000 ____D () C:\Program Files (x86)\Acer
==================== Files in the root of some directories =======
2014-07-18 17:14 - 2014-07-18 17:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\jenni_000\AppData\Local\Temp\avgnt.exe
C:\Users\jenni_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5tlct_.dll
C:\Users\jenni_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jenni_000\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-28 11:28
==================== End Of Log ============================
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by jenni_000 (administrator) on ARBEITS-PC on 06-02-2015 22:56:00
Running from C:\Users\jenni_000\Desktop
Loaded Profiles: jenni_000 (Available profiles: jenni_000)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Dropbox, Inc.) C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Atheros Communications))
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-18] (Spotify Ltd)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\RunOnce: [Application Restart #1] => C:\Users\jenni_000\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable (the data entry has 557 more characters).
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\jenni_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\jenni_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage-web.com/?s=acer&m=start
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-65215496-3717533155-1263251077-1001 -> {30714E6F-3E5A-4484-9518-DC627FFF61D4} URL =
SearchScopes: HKU\S-1-5-21-65215496-3717533155-1263251077-1001 -> {B4A75C53-223E-45C3-93BF-CC3B0B89C00C} URL = https://www.google.ch/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default
FF NewTab: hxxp://homepage-web.com/?s=acer&m=tab
FF Homepage: www.google.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Extension: Avira Browser Safety - C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default\Extensions\abs@avira.com [2015-02-06]
FF Extension: Sites - C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default\Extensions\{121761af-0fa5-4896-a2a8-cfdbac4e4982} [2014-10-30]
FF Extension: Adblock Plus - C:\Users\jenni_000\AppData\Roaming\Mozilla\Firefox\Profiles\8rfwbd3m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-04]
Chrome:
=======
CHR HomePage: Default -> 9A2FDDA367A95399EFEB3F3BBB43C712A37461D46F69199FBF637A93ABE44EE5
CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-13]
CHR Extension: (YouTube) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Google-Suche) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Avira Browser Safety) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-13]
CHR Extension: (Google Wallet) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Google Mail) - C:\Users\jenni_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jhpokclhnekmjlhknfihmghoblfgfeog] - C:\Program Files (x86)\chip\Chrome\chip-1.4.21.crx [2014-11-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-04-28] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-04-28] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys [X]
S3 TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 22:56 - 2015-02-06 22:56 - 00022585 _____ () C:\Users\jenni_000\Desktop\FRST.txt
2015-02-06 22:54 - 2015-02-06 22:54 - 00000765 _____ () C:\Users\jenni_000\Desktop\JRT.txt
2015-02-06 22:50 - 2015-02-06 22:50 - 00001961 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-02-06 22:46 - 2015-02-06 22:48 - 00000000 ____D () C:\AdwCleaner
2015-02-06 22:41 - 2015-02-06 22:41 - 01388274 _____ (Thisisu) C:\Users\jenni_000\Desktop\JRT.exe
2015-02-06 22:40 - 2015-02-06 22:40 - 02112512 _____ () C:\Users\jenni_000\Desktop\AdwCleaner_4.110.exe
2015-02-06 22:34 - 2015-02-06 22:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 22:34 - 2015-02-06 22:34 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 22:34 - 2015-02-06 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 22:34 - 2015-02-06 22:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 22:34 - 2015-02-06 22:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 22:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 22:34 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 22:34 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 22:32 - 2015-02-06 22:33 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jenni_000\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-05 09:51 - 2015-02-06 22:56 - 00000000 ____D () C:\FRST
2015-02-05 09:51 - 2015-02-05 09:51 - 02131968 _____ (Farbar) C:\Users\jenni_000\Desktop\FRST64.exe
2015-02-05 09:37 - 2015-02-05 09:37 - 00050477 _____ () C:\Users\jenni_000\Desktop\Defogger.exe
2015-02-05 09:20 - 2015-02-05 09:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-05 09:02 - 2015-02-05 09:02 - 00000000 ____D () C:\rei
2015-02-01 19:27 - 2015-02-01 19:27 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\WildTangent
2015-01-31 11:07 - 2015-01-31 11:07 - 00001175 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-31 11:07 - 2015-01-31 11:07 - 00001163 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-31 11:07 - 2015-01-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 11:07 - 2015-01-31 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-31 08:21 - 2015-01-31 08:21 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-01-30 12:35 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150130-123518.backup
2015-01-30 11:49 - 2015-01-31 16:31 - 00000000 ____D () C:\Users\jenni_000\Desktop\mysound
2015-01-30 11:49 - 2015-01-30 11:55 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\TuneUp Software
2015-01-30 11:49 - 2015-01-30 11:50 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-01-30 11:49 - 2015-01-30 11:49 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-01-30 11:49 - 2015-01-30 11:49 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-01-30 11:49 - 2015-01-30 11:49 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\TuneUp Software
2015-01-30 11:49 - 2014-03-20 14:44 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-01-30 11:49 - 2014-03-20 14:44 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-01-30 11:49 - 2014-03-20 14:44 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2015-01-30 11:48 - 2015-01-30 11:48 - 00001023 _____ () C:\Users\Public\Desktop\ClipGrab.lnk
2015-01-30 11:48 - 2015-01-30 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2015-01-30 11:48 - 2015-01-30 11:48 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2015-01-28 11:11 - 2015-01-28 11:11 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-01-28 11:11 - 2015-01-28 11:11 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-01-16 20:58 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 20:58 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 20:58 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-16 20:58 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-16 20:58 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-16 20:58 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 20:58 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 20:58 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 20:58 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-16 20:58 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-16 20:58 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-16 20:58 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-16 20:58 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-16 20:58 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-16 20:58 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-16 20:58 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-16 20:58 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-16 20:58 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-16 20:58 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-16 20:58 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-16 20:58 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-16 20:58 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-16 20:58 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 20:58 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-16 20:58 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 13:35 - 2015-01-13 13:35 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-01-07 16:08 - 2013-08-22 14:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150107-160815.backup
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-06 22:52 - 2014-10-16 15:16 - 00005160 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-jenni_000 Arbeits-PC
2015-02-06 22:52 - 2014-10-16 09:21 - 00000000 ___DO () C:\Users\jenni_000\OneDrive
2015-02-06 22:51 - 2014-10-16 11:56 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\CrashDumps
2015-02-06 22:50 - 2014-11-03 18:33 - 00000000 ___RD () C:\Users\jenni_000\Dropbox
2015-02-06 22:50 - 2014-11-03 18:30 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\Dropbox
2015-02-06 22:50 - 2014-10-16 09:21 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\clear.fi
2015-02-06 22:50 - 2014-10-16 09:13 - 01559550 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 22:50 - 2014-05-19 09:39 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-02-06 22:49 - 2014-11-06 14:00 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 22:48 - 2014-03-18 10:54 - 00170152 _____ () C:\Windows\PFRO.log
2015-02-06 22:48 - 2013-08-22 15:46 - 00027592 _____ () C:\Windows\setupact.log
2015-02-06 22:48 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 22:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-06 22:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-02-06 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-06 22:35 - 2014-10-16 09:24 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-65215496-3717533155-1263251077-1001
2015-02-06 22:32 - 2014-10-16 10:26 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8412CCF4-4BA1-49DB-A8DB-576387D8637D}
2015-02-06 22:32 - 2014-07-18 17:40 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-06 22:32 - 2014-07-18 17:40 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-06 22:32 - 2014-03-18 11:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 22:31 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-05 15:21 - 2014-11-02 11:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 15:10 - 2014-11-06 14:00 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 11:11 - 2014-10-21 09:32 - 00710144 ___SH () C:\Users\jenni_000\Desktop\Thumbs.db
2015-02-05 09:40 - 2014-10-16 09:18 - 00000000 ____D () C:\Users\jenni_000
2015-02-05 09:21 - 2014-11-02 11:37 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 16:37 - 2014-11-26 12:19 - 00000000 ____D () C:\Users\jenni_000\AppData\Roaming\Skype
2015-02-01 19:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-01 19:36 - 2014-10-16 10:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 19:36 - 2014-10-16 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-01 19:36 - 2014-10-16 10:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-01 19:27 - 2014-05-19 09:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 19:27 - 2014-05-19 09:39 - 00000000 ____D () C:\ProgramData\WildTangent
2015-02-01 19:25 - 2014-10-16 09:18 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\Pokki
2015-01-31 11:52 - 2014-10-16 09:19 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\VirtualStore
2015-01-31 08:05 - 2014-10-16 09:24 - 00000000 _____ () C:\Windows\system32\newflow.dat
2015-01-29 14:14 - 2014-10-16 09:19 - 00000000 ____D () C:\Users\jenni_000\AppData\Local\Packages
2015-01-28 12:12 - 2014-10-16 12:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-28 12:11 - 2014-10-16 12:15 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 11:11 - 2014-11-06 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-24 21:20 - 2014-10-16 13:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2014-10-16 13:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 23:04 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 21:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-13 10:37 - 2014-10-20 09:37 - 00000000 ____D () C:\Users\jenni_000\Desktop\Zhaw_5. Semester
2015-01-09 13:20 - 2014-05-19 09:39 - 00000000 ____D () C:\Program Files (x86)\Acer
==================== Files in the root of some directories =======
2014-07-18 17:14 - 2014-07-18 17:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\jenni_000\AppData\Local\Temp\avgnt.exe
C:\Users\jenni_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5tlct_.dll
C:\Users\jenni_000\AppData\Local\Temp\Quarantine.exe
C:\Users\jenni_000\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-28 11:28
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by jenni_000 at 2015-02-06 22:56:20
Running from C:\Users\jenni_000\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2001.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3014.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Create Module (HKLM-x32\...\{3D0D9604-0173-488D-9694-2638C44D7579}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\jenni_000\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-65215496-3717533155-1263251077-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
28-01-2015 10:54:41 Windows Update
29-01-2015 14:07:17 Avira System Speedup 1.6
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E3EC412-9F76-4717-8D6B-079FB8464DF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {30E9B955-094F-40AE-9157-F6554796CF57} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {39697F41-AF3D-46B7-AC20-10E94C210645} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-19] (Acer Incorporated)
Task: {3F6DC35B-0E37-4F28-8C19-96DDE391A812} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-65215496-3717533155-1263251077-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {40CB4B1E-B5FE-41DC-84F3-5E3F4EF57D34} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {43DB3CE1-A794-4517-A2BB-73AECFD6B857} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {4B4FC874-175E-4B01-A156-037ECBDB0967} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {4C062AF3-9F6B-4794-B4AD-6553D37E5B00} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {581315A3-9402-45FD-AEA1-E9FC5B27EADF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ARBEITS-PC-jenni_000 Arbeits-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {59C7E45E-4220-4672-99C5-CC625C72173A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: {6274495B-F132-44E0-B3F3-9D42D02AC0E9} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {73C328A3-4F3F-4003-8976-E8A8D36DEBF5} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-04-28] (Acer Incorporate)
Task: {75F075A2-2562-4B89-8846-246EFC084DB5} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {85BF3A11-A4C6-4AFA-91F7-0CA3BE814F25} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8F7CBDE6-ED58-462D-9F59-58DD4322AEA1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {B5EB3EFB-15B4-4E74-AE2C-2ABEA03E07E6} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {BE2DA710-6211-4E09-845E-8F1F8A066B26} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-10-04] (Dolby Laboratories Inc.)
Task: {D1ED31E7-DFFB-44F3-B353-56B073B2D889} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D3A664A6-3CF6-48A1-81DD-6DA080CEB2E5} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"
Task: {D54DEDCE-6D7A-4088-91CF-7E131087562C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {DF508089-99D8-4E0F-A081-4949485D5713} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {E112C9BC-14F7-410F-AC3F-EC9D25D6B8D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F4CD5382-FE3E-44CD-AEC7-044B5F0137E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-28] (Microsoft Corporation)
Task: {F5F83AED-C3F1-461F-9188-55169E6D676C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-10-16 15:13 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-18 17:32 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-10-04 03:41 - 2013-10-04 03:41 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-05-19 10:10 - 2014-03-07 02:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-04-29 10:38 - 2014-04-29 10:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 10:35 - 2014-04-29 10:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 10:42 - 2014-04-29 10:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-11-06 13:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-06 13:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-06 13:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-06 13:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-06 13:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-11-21 13:20 - 2014-11-21 13:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-01-09 13:20 - 2015-01-09 13:20 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-06 22:50 - 2015-02-06 22:50 - 00043008 _____ () c:\Users\jenni_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5tlct_.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\jenni_000\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-07-18 17:21 - 2013-12-10 00:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-21 13:21 - 2014-11-21 13:21 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-21 13:20 - 2014-11-21 13:20 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\jenni_000\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jenni_000\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-65215496-3717533155-1263251077-1001\...\StartupApproved\Run: => "AcerPortal"
==================== Accounts: =============================
Administrator (S-1-5-21-65215496-3717533155-1263251077-500 - Administrator - Disabled)
Gast (S-1-5-21-65215496-3717533155-1263251077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-65215496-3717533155-1263251077-1003 - Limited - Enabled)
jenni_000 (S-1-5-21-65215496-3717533155-1263251077-1001 - Administrator - Enabled) => C:\Users\jenni_000
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 23%
Total physical RAM: 8115.27 MB
Available physical RAM: 6224.96 MB
Total Pagefile: 9651.27 MB
Available Pagefile: 7247.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:118.43 GB) (Free:74.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 60E2FAA1)
Partition: GPT Partition Type.
==================== End Of Log ============================