Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GreatFind zeigt sich hartnäckig und resistent (https://www.trojaner-board.de/170281-greatfind-zeigt-hartnaeckig-resistent.html)

Fressbacke 26.08.2015 14:27
GreatFind zeigt sich hartnäckig und resistent
 
Hallo,
auf der Suche nach Hilfe gegen den Quälgeist „Great Find“ bin ich auf Eure tolle Seite gestoßen. Wobei ich zunächst Malwarebytes hatte laufen lassen. Das Programm hat einiges gefunden und gelöscht. Der Chrome-Browser wurde resetet (auch Firefox, Opera und IE). Aber: immer noch sind die lästigen kleinen Einblendungen da, auch nach Lauf von AdwCleaner und JRT.
Ein Browser-Hijacking gab es zu keiner Zeit, ich konnte bei Chrome auch kein passendes Add-on finden. Als letztes neue Programme wurden Coowon (wieder deinstalliert) und Ashampoo Brennprogramm installiert, einmal von der CB-Seite, einmal von Chip. Ich achte immer darauf, keine lästigen Begleiter zu installieren. Kanns mir also im Moment nicht erklären.
Habt Ihr eine Idee?

Es läuft übrigens Windows 8.1 und Kaspersky Internet Security

Danke und Gruß

Ralf

cosinus 26.08.2015 14:32
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Fressbacke 26.08.2015 18:34
Danke schon mal für die schnelle Antwort!

Ich werde mal suchen, was an logfiles gespeichert wurde - Meldungen gab es gar nicht bis zum gezielten Durchlauf von Malwarebytes. Nur bestimmte Seiten wurden mit Werbefensterchen zugemüllt, die Startseite nicht verändert.
Kaspersky hat sich nie gerührt.

Dauert allerdings noch ein wenig, erst muss mein Katerchen zum Doc.

So, hier mal das Log von Malwarebytes. Es wurden vorher keinerlei andere Versuche der Entfernung, also auch nicht über Systemsteuerung oder Browserreset gemacht. Der Scan wurde umfangreich fündig. Danach wurden alle Browser resetet, dann Adw und JRT - CCleaner durfte auch mal laufen.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 25.08.2015
Suchlaufzeit: 21:06
Protokolldatei: Mwbyt.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.25.05
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Ralf

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 410057
Abgelaufene Zeit: 10 Min., 1 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 10
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.exe, 9164, Löschen bei Neustart, [6d9c3ecffd8eaa8c0efb5c33de27af51]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12\Plugin.exe, 6736, Löschen bei Neustart, [01080409830872c41ced98f765a01ae6]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12\Plugin.exe, 9864, Löschen bei Neustart, [01080409830872c41ced98f765a01ae6]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8\Plugin.exe, 9008, Löschen bei Neustart, [16f336d75b306accfb0e008ff90cda26]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\Plugin.exe, 5520, Löschen bei Neustart, [76931bf2bccf3bfbe326751a36cffd03]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\Plugin.exe, 9880, Löschen bei Neustart, [76931bf2bccf3bfbe326751a36cffd03]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5\Plugin.exe, 7372, Löschen bei Neustart, [a96095785e2d5fd769a0e9a6c93c54ac]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\4\Plugin.exe, 6816, Löschen bei Neustart, [7990030a5b301d19f11890ff9e67b848]
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10\Plugin.exe, 5564, Löschen bei Neustart, [ea1fa865860562d452b7414e1beac23e]
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.exe, 3784, Löschen bei Neustart, [dd2c5bb29af1e3537594fe9149bc8977]

Module: 4
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{218E8E29-14B9-4E3C-B63A-872C2FE139E3}.dll, Löschen bei Neustart, [f6133dd02863ea4cc7426a253dc8de22],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{218E8E29-14B9-4E3C-B63A-872C2FE139E3}.dll, Löschen bei Neustart, [f6133dd02863ea4cc7426a253dc8de22],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{ACEDD856-97FF-4691-95FC-D29EB3C4B06F}.dll, Löschen bei Neustart, [19f051bc404b84b2df2a305fc144c23e],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{ACEDD856-97FF-4691-95FC-D29EB3C4B06F}.dll, Löschen bei Neustart, [19f051bc404b84b2df2a305fc144c23e],

Registrierungsschlüssel: 5
PUP.Optional.GreatFind.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr GreatFind, In Quarantäne, [6d9c3ecffd8eaa8c0efb5c33de27af51],
PUP.Optional.GreatFind.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr GreatFind, In Quarantäne, [dd2c5bb29af1e3537594fe9149bc8977],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Great Find, In Quarantäne, [6c9d12fbe7a49a9cf4150e81d92c718f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{cfd32d46-7d3f-483f-bace-7172aec5592d}, In Quarantäne, [6c9d12fbe7a49a9cf4150e81d92c718f],
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\GreatFind, In Quarantäne, [6f9ad03d9bf01620b0b62e817c88e719],

Registrierungswerte: 2
PUP.Optional.PluginContainer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr GreatFind|ImagePath, "C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.exe", In Quarantäne, [fe0b1cf18308c3730d0fdcd5b74dab55]
PUP.Optional.Updater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr GreatFind|ImagePath, "C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.exe", In Quarantäne, [080165a8b3d8d75f8896b10052b2dc24]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 23
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10bak, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12\resources, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12bak, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12bak\resources, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3bak, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\4, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\4bak, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5bak, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\resources, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8, Löschen bei Neustart, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8bak, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc, Löschen bei Neustart, [ea1fa964e1aa88aeab87bc5dc24127d9],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater, In Quarantäne, [ea1fa964e1aa88aeab87bc5dc24127d9],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Great Find, In Quarantäne, [9970d13ceba06ec854df67b21ce74eb2],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Great Find\Extensions, In Quarantäne, [9970d13ceba06ec854df67b21ce74eb2],

Dateien: 91
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{218E8E29-14B9-4E3C-B63A-872C2FE139E3}.dll, Löschen bei Neustart, [f6133dd02863ea4cc7426a253dc8de22],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{ACEDD856-97FF-4691-95FC-D29EB3C4B06F}.dll, Löschen bei Neustart, [19f051bc404b84b2df2a305fc144c23e],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.exe, Löschen bei Neustart, [6d9c3ecffd8eaa8c0efb5c33de27af51],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12\Plugin.exe, Löschen bei Neustart, [01080409830872c41ced98f765a01ae6],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8\Plugin.exe, Löschen bei Neustart, [16f336d75b306accfb0e008ff90cda26],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\Plugin.exe, Löschen bei Neustart, [76931bf2bccf3bfbe326751a36cffd03],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5\Plugin.exe, Löschen bei Neustart, [a96095785e2d5fd769a0e9a6c93c54ac],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\4\Plugin.exe, Löschen bei Neustart, [7990030a5b301d19f11890ff9e67b848],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10\Plugin.exe, Löschen bei Neustart, [ea1fa865860562d452b7414e1beac23e],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.exe, Löschen bei Neustart, [dd2c5bb29af1e3537594fe9149bc8977],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugincontainer.bak, In Quarantäne, [29e00508dab172c418f17e1130d5639d],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\10bak\Plugin.exe, In Quarantäne, [97729776dcaf89ad0bfe0a855aab19e7],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12\resources\plugin.dll, In Quarantäne, [4dbc6aa34c3f5fd7a069652ad53053ad],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12bak\Plugin.exe, In Quarantäne, [ee1b45c85c2fab8bc7423857c342ef11],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12bak\resources\plugin.dll, In Quarantäne, [6a9fc24b850665d1b059860950b5b14f],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3bak\Plugin.exe, In Quarantäne, [a2678a8318739d99be4bf897f60fef11],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\4bak\Plugin.exe, In Quarantäne, [2bde927b7b1070c674950a8528dd837d],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\5bak\Plugin.exe, In Quarantäne, [7594b15cb3d8ef47f6132a6558ad926e],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\Plugin.exe, In Quarantäne, [18f1c548701be84e18f1a1eeea1be51b],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\resources\38.0.5.dll, In Quarantäne, [5faa9d703952af87b9507b147392d030],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\resources\39.0.0.dll, In Quarantäne, [c7423dd0d9b20630c148f897ee17d62a],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\resources\40.0.0.dll, In Quarantäne, [7792fb12f09b1e1867a2eda2e61f9d63],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\8bak\Plugin.exe, In Quarantäne, [88815cb1aedd0432b3561976010419e7],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Roaming\RHEng\560E1537295F4FA7A54DD4F0CBF2EF16\setup.exe, In Quarantäne, [ff0a7b928209df570cfd494648bd6799],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Roaming\RHEng\711E31614BED46EA804B99E8866ABDC4\setup.exe, In Quarantäne, [2bde2ae3305bf24445c4385736cfb24e],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Great Find\Uninstaller.exe, In Quarantäne, [6c9d12fbe7a49a9cf4150e81d92c718f],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{03A163CB-9386-4AF0-B463-45EF7274BFF0}.dll, In Quarantäne, [70993dd0d0bb65d16f9a0d821ee77090],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{6E3E9227-6F0D-4656-9EDD-59D14CA97DB0}.dll, In Quarantäne, [82871eefcebd072f97722b64ce37867a],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{E5362818-8D87-464B-83A7-22325956B032}.dll, In Quarantäne, [3acfdf2ecebd81b5f6138e01f90cdd23],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{74326F94-E11F-4080-8F93-BDBBA313747B}.dll, In Quarantäne, [42c77b92f7948baba1684d42778ea15f],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{790A40DD-10DA-4779-BE35-7343012096F2}.xpi, In Quarantäne, [18f1927bee9df04623e65e69f20f27d9],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{79EC062F-C60C-4469-BE47-7035D373DDDF}.dll, In Quarantäne, [7495eb227e0dc373ca3f721dcc3931cf],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{7B9BA5D7-BE3E-4658-A3D5-CE66DEDCC938}.xpi, In Quarantäne, [16f3a36a35560b2bce3bbd0ac33eca36],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{7BB72667-C332-4C44-980E-A8B641BBC6B5}.dll, In Quarantäne, [15f4f11cc1caf83e56b35d32ce3741bf],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{7BBF6E5F-60D3-4C79-8A5F-CA8A4A872011}.xpi, In Quarantäne, [32d79776850694a255b48b3ce61b05fb],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{7D91D607-8366-46AE-AC63-A742E009FBAD}.dll, In Quarantäne, [1beedc31315acd698386f79803024fb1],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{877CCD3A-C083-45F9-A377-8BE95D1FEA5E}.xpi, In Quarantäne, [bd4c79943e4d68cef3167a4de31e46ba],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{8990AF03-9FA0-4A45-A14F-44F83C9EA507}.dll, In Quarantäne, [96731df0e0abf3432cdd820db64f817f],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{91A833B9-2B96-471A-B079-05427BD57CC9}.dll, In Quarantäne, [2bde8d806625a88e9376583725e02cd4],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{CE03F442-1766-4A6B-85AA-E937E1E6D542}.dll, In Quarantäne, [947565a898f3999d7198602f26df8a76],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{D40650DA-F5AB-4DB8-BC1B-93038BA7A6DD}.dll, In Quarantäne, [749505086b201b1b07021c73e71e01ff],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{D85D85A6-5293-44DC-AF5F-1E0A0B792F42}.dll, In Quarantäne, [30d97d90d0bb3afc2bde028d52b350b0],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{DABED004-055A-46A8-9A02-57D53E113539}.dll, In Quarantäne, [b25739d4d6b501357099dab5af569967],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{DD31B590-CE00-4933-A8B5-559D24F3E483}.dll, In Quarantäne, [5cadd03d1c6fb581df2abed1699c5ba5],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{E1C3D233-1525-4A96-8552-80909EEF1E8B}.dll, In Quarantäne, [3ecb33da4942ed4964a5127d3cc904fc],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{E4F0053C-5C99-4556-8171-BD6555296D75}.dll, In Quarantäne, [b059818ca1ea221454b5b8d712f35fa1],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{E5095038-2C76-4D76-8389-4E7A3917CDFD}.xpi, In Quarantäne, [1eeb7e8f1d6e0e2821e88a3dc83948b8],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{37D712B2-13E6-4E94-9907-060AE66F5B35}.dll, In Quarantäne, [7297c34ae2a9af87d1384d42cf36669a],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{39F9588C-B855-4B14-8929-1E5AA3FCD3BE}.dll, In Quarantäne, [12f7739a7c0f52e421e8800f7491b050],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{3A5A1AD1-5D75-4833-9C6D-689C7B17D0E0}.dll, In Quarantäne, [fb0e3fcecbc03ef80dfcade2a065f40c],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{3CC0B8CB-0A52-4F2C-9176-9E42C0E922A1}.dll, In Quarantäne, [61a8d83548436ccad732bed1bf469e62],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{3E885772-6EE8-496D-86CE-DF76BF2F4B28}.xpi, In Quarantäne, [4cbd60ad404b40f61ced3196b74a956b],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{4575E309-20EB-4A6D-9622-6A4F0208D433}.xpi, In Quarantäne, [ae5b35d86823f145d7322c9b18e9e020],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{51D6CD58-38D5-4B67-89DB-9787DECBCB68}.dll, In Quarantäne, [6c9ddc316427e353fd0c1b7423e240c0],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{532C68B1-73BC-4972-BC37-73163DCE6536}.dll, In Quarantäne, [7f8a8a835833b97d19f0434cb154dc24],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{5702205C-3B80-4B8B-8552-A376A34516F0}.dll, In Quarantäne, [47c2709d127953e329e0f8979471a65a],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{6391F18C-DBBF-47C9-98CE-31A4B63F7493}.dll, In Quarantäne, [e72225e8dbb0b185cf3acfc01aeb3ec2],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{665C3950-4CDA-4CD8-997C-E20F3B189F79}.xpi, In Quarantäne, [d53439d4098282b46b9ea5226899ae52],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{6C34BD0D-8C23-4834-9209-940B4076E5C7}.dll, In Quarantäne, [0cfd7499f299c571e227e1ae29dcc838],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{6D4D0DE2-96C8-43C4-B923-D1E38D75224A}.dll, In Quarantäne, [95748b820b80e056c841aee130d57f81],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{9CD4514D-0D7B-463B-B7CC-CF577C93C64C}.dll, In Quarantäne, [90797499ccbf979f9178c6c9b154f907],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{A3887DF4-4BC1-4EF3-9F66-636C9F3A6324}.dll, In Quarantäne, [fb0e1bf258337abc47c2444b59ac3ac6],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{AB5BBBC9-1725-43AB-A6B5-43C13B91C89D}.dll, In Quarantäne, [9673c74691fa231358b192fdf90c20e0],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{B3006673-8DE5-48CD-8709-D950F1C66C02}.xpi, In Quarantäne, [2edbda33e6a55dd97e8bf4d304fdc53b],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{B5492A3E-9980-41B6-A5A9-B7BCFD889E01}.xpi, In Quarantäne, [e7228d80048703337099ddeaa160d12f],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{B67BEB46-5606-423B-8013-6FA2465F746E}.dll, In Quarantäne, [2bdedb32fb90f14528e11778b253f30d],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{BFD684C7-97A9-43C4-B487-5AC657BD6E94}.dll, In Quarantäne, [16f33fce028995a170998a052dd8f20e],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{CCEDC56E-B959-4AE5-B0A4-28A1C15361F3}.dll, In Quarantäne, [eb1e13fa5338a393d03998f746bfe818],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{EC9069B0-6741-4245-A617-57918F06CC01}.dll, In Quarantäne, [41c86ca1612a41f562a76b248a7b9e62],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{F24F8695-81A9-47CF-AD61-E6BDF922CBB4}.dll, In Quarantäne, [b950dc3153381c1a7792058a8481ee12],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{F40A5431-9212-4F0B-9867-6346F1C20470}.dll, In Quarantäne, [9277c7463a517fb7ef1a5c33ef16d030],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{FD323D75-6106-456E-952D-4AD33BEFF306}.dll, In Quarantäne, [5cad33dafc8f64d22bdef69956afb54b],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{0F3AD98A-6AA2-4BC6-A947-2D521CFDD5E9}.dll, In Quarantäne, [7e8b44c9c5c6d95d68a18d02947152ae],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{1370A2DC-597E-42DF-ACB6-E305607002C1}.dll, In Quarantäne, [ea1f000d34575fd78584810e26df7987],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{1C4C20A2-D596-41E0-9611-0055F710E2C3}.xpi, In Quarantäne, [78917b922a618caa3acf04c37d84cf31],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{206F4E0F-AF67-46D7-8369-011EEA21C862}.dll, In Quarantäne, [8b7ea8650b8047effd0c95fa3cc9f808],
PUP.Optional.Yontoo.Gen, C:\Users\Ralf\AppData\Local\Temp\{240D447F-E30F-441A-BCC8-B1EEC9BBBA75}.xpi, In Quarantäne, [2bde0ffed3b8280e0cfde6e1ae5324dc],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{2DBDA368-942A-4423-82CB-E82EFC2C3FC4}.dll, In Quarantäne, [bc4dcd402467e84edb2e751a768f20e0],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Temp\{30F12C82-9CE7-445C-8928-8C9D2ED7EB03}.dll, In Quarantäne, [8a7f48c5aedd58deb9504a4564a1649c],
PUP.Optional.PastaLeads.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Löschen bei Neustart, [5dac937a3358a5914af6b873f21112ee],
PUP.Optional.PastaLeads.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Löschen bei Neustart, [a564a06dbfccd6607ac61a1155ae2ad6],
PUP.Optional.BoostSaves.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Löschen bei Neustart, [74958588b2d96fc7614fa493e41f8977],
PUP.Optional.BoostSaves.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Löschen bei Neustart, [cf3a907dc8c3c86e149c96a1b54e3dc3],
PUP.Optional.Boost.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Löschen bei Neustart, [dd2cd439345766d038522627748f857b],
PUP.Optional.Boost.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Löschen bei Neustart, [40c90c0195f687afe1a9183554afc43c],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage, Löschen bei Neustart, [14f5e429f992b185550f555a22e28b75],
PUP.Optional.GreatFind.A, C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage-journal, Löschen bei Neustart, [ee1b6aa33f4cf64095cfd7d8d72d1ce4],
PUP.Optional.GreatFind.A, C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\temp, In Quarantäne, [64a537d665264cea3ff251c8f90a8c74],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\updater.bak, In Quarantäne, [ea1fa964e1aa88aeab87bc5dc24127d9],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Great Find\7za.exe, In Quarantäne, [9970d13ceba06ec854df67b21ce74eb2],
PUP.Optional.GreatFind.A, C:\Program Files (x86)\Great Find\Extensions\{fcefe1dd-0baf-4b61-89e2-cb91a9b96dfe}.xpi, In Quarantäne, [9970d13ceba06ec854df67b21ce74eb2],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Das JRT Logfile:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 8.1 x64
Ran by Ralf on 25.08.2015 at 23:16:57,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}



~~~ Files

Successfully deleted: [File] C:\Users\Ralf\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.boostsaves.com_0.localstorage
Successfully deleted: [File] C:\Users\Ralf\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.boostsaves.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Ralf\Appdata\Local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage
Successfully deleted: [File] C:\Users\Ralf\Appdata\Local\google\chrome\user data\default\local storage\hxxps_static.boostsaves.com_0.localstorage-journal
Successfully deleted: [File] C:\WINDOWS\SysWOW64\RENE6B.tmp



~~~ Folders



~~~ Chrome


[C:\Users\Ralf\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Ralf\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Ralf\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Ralf\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2015 at 23:21:12,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vom Adw habe ich leider keines.

FRST mache ich nun - folgt :)

Fressbacke 26.08.2015 18:41
Nun FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
durchgeführt von Ralf (Administrator) auf RALF-ACER (26-08-2015 19:36:41)
Gestartet von C:\Users\Ralf\Desktop
Geladene Profile: Ralf (Verfügbare Profile: Ralf & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448520 2015-06-24] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-27] (DivX, LLC)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Atheros Communications)
HKU\S-1-5-21-1094383403-439006449-3061626430-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2665984 2015-08-13] (Acer)
HKU\S-1-5-21-1094383403-439006449-3061626430-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1094383403-439006449-3061626430-1001\...\Run: [Dropbox Update] => C:\Users\Ralf\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
Startup: C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\S-1-5-21-1094383403-439006449-3061626430-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1094383403-439006449-3061626430-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1094383403-439006449-3061626430-1001 -> {DFD73DB3-528E-4F4C-A80F-838F614FEC6D} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-04-07] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{CA028C77-B1A6-4D90-A6F3-4B0E0CD1DDA6}: [DhcpNameServer] 192.19.128.24
Tcpip\..\Interfaces\{E4C17C58-7474-45AF-9704-B76A650D01A7}: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\conxoh9y.default-1439499445122
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-08-05] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin HKU\S-1-5-21-1094383403-439006449-3061626430-1001: @tools.coowon.com/Coowon Update;version=3 -> C:\Users\Ralf\AppData\Local\Coowon\Update\1.3.33.0\npCoowonUpdate3.dll [2015-08-25] (Coowon.)
FF Plugin HKU\S-1-5-21-1094383403-439006449-3061626430-1001: @tools.coowon.com/Coowon Update;version=9 -> C:\Users\Ralf\AppData\Local\Coowon\Update\1.3.33.0\npCoowonUpdate3.dll [2015-08-25] (Coowon.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-04-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-04-07]

Chrome:
=======
CHR Profile: C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-07]
CHR Extension: (Google Drive) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-07]
CHR Extension: (YouTube) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-07]
CHR Extension: (Google Search) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-04-07]
CHR Extension: (Google Sheets) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-07]
CHR Extension: (Gmail) - C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [466664 2014-06-10] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [458984 2014-06-26] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [233216 2014-06-23] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-04-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-04-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-26 19:36 - 2015-08-26 19:36 - 00029080 _____ C:\Users\Ralf\Desktop\FRST.txt
2015-08-26 19:36 - 2015-08-26 19:36 - 00000000 ____D C:\FRST
2015-08-26 19:35 - 2015-08-26 19:35 - 02186752 _____ (Farbar) C:\Users\Ralf\Desktop\FRST64.exe
2015-08-26 19:03 - 2015-08-26 19:03 - 00022480 _____ C:\Users\Ralf\Desktop\Mwbyt.txt
2015-08-26 19:02 - 2015-08-26 19:02 - 00002800 _____ C:\Users\Ralf\Desktop\Mwby.txt
2015-08-25 23:39 - 2015-08-26 18:44 - 00002436 _____ C:\WINDOWS\setupact.log
2015-08-25 23:39 - 2015-08-25 23:39 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-25 23:38 - 2015-08-25 23:39 - 00371584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-25 23:38 - 2015-08-25 23:38 - 00000354 _____ C:\WINDOWS\PFRO.log
2015-08-25 23:09 - 2015-08-25 23:09 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-25 21:05 - 2015-08-26 19:18 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-25 21:04 - 2015-08-25 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-25 21:04 - 2015-08-25 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-25 21:04 - 2015-08-25 21:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-25 21:04 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-25 21:04 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-25 21:04 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-25 12:21 - 2015-08-25 23:03 - 00000000 ____D C:\Users\Ralf\AppData\Local\Coowon
2015-08-20 19:57 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-20 19:57 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 17:21 - 2015-08-18 17:21 - 00003334 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2015-08-16 14:06 - 2015-08-26 19:07 - 01119588 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-16 02:13 - 2015-08-18 04:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-14 17:15 - 2015-08-14 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-14 17:15 - 2015-08-14 17:15 - 00000000 ____D C:\Program Files\iTunes
2015-08-14 17:15 - 2015-08-14 17:15 - 00000000 ____D C:\Program Files\iPod
2015-08-14 17:15 - 2015-08-14 17:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-13 16:35 - 2015-08-13 16:35 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 17:56 - 2015-07-30 16:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 17:56 - 2015-07-30 15:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 17:33 - 2015-08-12 17:33 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-08-12 17:33 - 2015-08-12 17:33 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\IrfanView
2015-08-12 17:33 - 2015-08-12 17:33 - 00000000 ____D C:\Program Files (x86)\IrfanView
2015-08-12 16:27 - 2015-07-19 03:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 16:27 - 2015-07-18 20:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 16:27 - 2015-07-18 20:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 16:27 - 2015-07-18 20:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 16:27 - 2015-07-18 20:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 16:27 - 2015-07-18 20:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 16:27 - 2015-07-18 20:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 16:27 - 2015-07-18 20:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 16:27 - 2015-07-18 20:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 16:27 - 2015-07-18 20:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 16:27 - 2015-07-18 20:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 16:27 - 2015-07-18 20:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 16:27 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 16:27 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 16:27 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 16:27 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 16:27 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 16:27 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 16:27 - 2015-07-16 21:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 16:27 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 16:27 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 16:27 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 16:27 - 2015-07-16 21:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 16:27 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 16:27 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 16:27 - 2015-07-16 21:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 16:27 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 16:27 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 16:27 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 16:27 - 2015-07-16 21:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 16:27 - 2015-07-16 21:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 16:27 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 16:27 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 16:27 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 16:27 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 16:27 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 16:27 - 2015-07-16 20:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 16:27 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 16:27 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 16:27 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 16:27 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 16:27 - 2015-06-09 20:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 16:26 - 2015-07-29 16:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 16:26 - 2015-07-29 16:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 16:26 - 2015-07-29 16:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 16:26 - 2015-07-29 01:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 16:26 - 2015-07-28 16:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 16:26 - 2015-07-28 16:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 16:26 - 2015-07-28 16:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 16:26 - 2015-07-28 16:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 16:26 - 2015-07-28 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 16:26 - 2015-07-28 16:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 16:26 - 2015-07-24 20:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 16:26 - 2015-07-24 20:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 16:26 - 2015-07-24 20:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 16:26 - 2015-07-24 19:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 16:26 - 2015-07-24 19:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 16:26 - 2015-07-16 02:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 16:26 - 2015-07-16 02:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 16:26 - 2015-07-16 02:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 16:26 - 2015-07-16 02:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 16:26 - 2015-07-14 23:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 16:26 - 2015-07-14 23:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 16:26 - 2015-07-14 23:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 16:26 - 2015-07-14 05:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 16:26 - 2015-07-14 05:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 16:26 - 2015-07-13 21:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 16:26 - 2015-07-13 21:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 16:26 - 2015-07-10 20:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 16:26 - 2015-07-10 19:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 16:26 - 2015-07-10 19:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 16:26 - 2015-07-10 19:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 16:26 - 2015-07-10 19:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 16:26 - 2015-07-10 18:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 16:26 - 2015-07-10 18:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 16:26 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 16:26 - 2015-07-09 19:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 16:26 - 2015-07-09 18:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 16:26 - 2015-07-07 11:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 16:26 - 2015-07-07 11:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 16:26 - 2015-07-07 11:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 16:26 - 2015-07-02 00:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 16:26 - 2015-07-02 00:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 16:26 - 2015-07-01 23:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 16:26 - 2015-07-01 23:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 16:26 - 2015-06-12 19:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 16:26 - 2015-06-12 18:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 16:26 - 2015-06-11 22:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 16:26 - 2015-06-11 22:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 16:26 - 2015-05-12 02:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-08 23:43 - 2015-08-18 04:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-08 23:43 - 2015-08-08 23:43 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-08 23:43 - 2015-08-08 23:43 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-07 15:25 - 2015-08-07 15:25 - 00000000 ____D C:\Users\Ralf\Documents\Ashampoo Burning Studio 2015
2015-08-02 12:13 - 2015-08-02 12:13 - 00000000 ____D C:\Users\Ralf\AppData\Local\CyberLink
2015-08-02 11:48 - 2015-08-02 11:48 - 00001343 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio 2015.lnk
2015-08-02 11:48 - 2015-08-02 11:48 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Ashampoo
2015-08-02 11:48 - 2015-08-02 11:48 - 00000000 ____D C:\Users\Ralf\AppData\Local\ashampoo
2015-08-02 11:48 - 2015-08-02 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-08-02 11:48 - 2015-08-02 11:48 - 00000000 ____D C:\ProgramData\Ashampoo
2015-08-02 11:48 - 2015-08-02 11:48 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2015-07-31 20:36 - 2015-08-19 16:41 - 00003854 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1438367793
2015-07-31 20:36 - 2015-08-19 16:41 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-31 20:36 - 2015-07-31 20:36 - 00001151 _____ C:\Users\Public\Desktop\Opera.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-26 19:34 - 2015-06-17 13:24 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1094383403-439006449-3061626430-1001UA.job
2015-08-26 19:32 - 2014-10-22 10:49 - 00000000 ___RD C:\Users\Ralf\Desktop\SECURITY
2015-08-26 19:23 - 2015-04-08 21:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-26 19:03 - 2015-04-07 18:48 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-26 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-26 18:59 - 2015-04-07 19:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-26 18:51 - 2015-04-07 18:21 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1094383403-439006449-3061626430-1001
2015-08-26 18:51 - 2014-08-18 23:46 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-08-26 18:51 - 2014-08-18 23:46 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-08-26 18:51 - 2014-03-18 12:03 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-26 18:46 - 2015-04-07 19:05 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Dropbox
2015-08-26 18:46 - 2015-04-07 18:48 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-26 18:46 - 2014-11-30 15:50 - 00000000 __RDO C:\Users\Ralf\OneDrive
2015-08-26 18:46 - 2014-10-22 10:52 - 00000000 ___RD C:\Users\Ralf\Dropbox
2015-08-26 18:46 - 2014-08-18 14:27 - 00006463 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-08-26 18:44 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-26 02:24 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-26 00:57 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-26 00:34 - 2015-06-17 13:24 - 00001188 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1094383403-439006449-3061626430-1001Core.job
2015-08-25 21:57 - 2015-04-07 18:22 - 00000000 ____D C:\Users\Ralf\AppData\Local\CrashDumps
2015-08-25 21:54 - 2015-06-19 17:27 - 00000000 ____D C:\AdwCleaner
2015-08-25 21:54 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\TAPI
2015-08-25 21:18 - 2014-03-18 11:45 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-25 17:23 - 2015-04-07 18:21 - 00002276 _____ C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-08-25 17:20 - 2015-05-01 02:06 - 00002520 _____ C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk
2015-08-24 01:13 - 2015-07-24 19:13 - 00000000 ____D C:\Users\Ralf\AppData\Local\JDownloader 2.0
2015-08-21 21:04 - 2015-04-07 18:48 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-20 19:57 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-19 16:41 - 2015-04-07 18:53 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-18 22:30 - 2014-11-30 14:29 - 00000000 ___RD C:\Users\Ralf\Desktop\PROGRAMME
2015-08-18 22:27 - 2015-04-07 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-08-18 22:27 - 2015-04-07 21:41 - 00000000 ____D C:\ProgramData\DivX
2015-08-18 22:27 - 2015-04-07 21:41 - 00000000 ____D C:\Program Files (x86)\DivX
2015-08-18 17:21 - 2014-08-18 14:28 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-18 17:21 - 2014-08-18 14:28 - 00000000 ____D C:\Program Files (x86)\Acer
2015-08-18 17:20 - 2015-04-07 18:16 - 00000000 ____D C:\Users\Ralf\AppData\Local\clear.fi
2015-08-14 20:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-14 17:15 - 2015-05-19 17:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-13 22:25 - 2014-07-14 20:33 - 00000000 ___HD C:\OEM
2015-08-12 23:58 - 2015-04-15 23:45 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-12 23:58 - 2015-04-10 00:00 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 23:58 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 23:58 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-12 23:58 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 17:55 - 2015-04-09 18:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 17:53 - 2015-04-09 18:44 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 17:52 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 23:23 - 2015-04-08 21:49 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-08 15:55 - 2015-04-10 04:25 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 15:55 - 2015-04-10 04:25 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 21:50 - 2014-08-18 14:28 - 00000000 ____D C:\ProgramData\Acer
2015-08-03 16:42 - 2015-04-07 19:03 - 00000000 ____D C:\Program Files\CCleaner
2015-08-03 04:14 - 2015-04-07 19:00 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2015-08-02 12:13 - 2014-08-18 14:30 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-02 10:33 - 2015-04-07 19:00 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-31 20:36 - 2015-04-07 18:54 - 00000000 ____D C:\Users\Ralf\AppData\Roaming\Opera Software
2015-07-31 20:36 - 2015-04-07 18:54 - 00000000 ____D C:\Users\Ralf\AppData\Local\Opera Software
2015-07-29 17:02 - 2014-07-14 20:34 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-29 16:58 - 2015-07-10 19:28 - 00000000 ___HD C:\$Windows.~BT
2015-07-29 04:37 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-27 17:05 - 2015-07-20 16:21 - 00003352 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-04-07 18:56 - 2015-04-07 18:56 - 0192716 _____ () C:\Users\Ralf\AppData\Local\4A594BA6_stp.CIS
2015-04-07 18:56 - 2015-04-07 18:58 - 0000290 _____ () C:\Users\Ralf\AppData\Local\4A594BA6_stp.CIS.part
2015-04-07 18:55 - 2015-04-07 18:55 - 0385602 _____ () C:\Users\Ralf\AppData\Local\5D515C96_stp.CIS
2015-04-07 18:55 - 2015-04-07 18:58 - 0000220 _____ () C:\Users\Ralf\AppData\Local\5D515C96_stp.CIS.part
2015-04-07 18:56 - 2015-04-07 18:56 - 1509462 _____ () C:\Users\Ralf\AppData\Local\69DD7379_stp.CIS
2015-04-07 18:56 - 2015-04-07 18:58 - 0000295 _____ () C:\Users\Ralf\AppData\Local\69DD7379_stp.CIS.part
2015-07-19 16:48 - 2015-07-19 16:48 - 0043494 _____ () C:\Users\Ralf\AppData\Local\Tempdivx429b
2015-07-08 02:08 - 2015-07-08 02:08 - 0253196 _____ () C:\Users\Ralf\AppData\Local\Tempdivxb2cc
2014-08-18 14:12 - 2014-08-18 14:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Ralf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb890fn.dll
C:\Users\Ralf\AppData\Local\Temp\oct7FC7.tmp.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-24 00:49

==================== Ende von FRST.txt ============================

Und Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
durchgeführt von Ralf (2015-08-26 19:37:03)
Gestartet von C:\Users\Ralf\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1094383403-439006449-3061626430-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-1094383403-439006449-3061626430-501 - Limited - Disabled)
Ralf (S-1-5-21-1094383403-439006449-3061626430-1001 - Administrator - Enabled) => C:\Users\Ralf

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8107 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3004 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3004 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2015 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.3 - Ashampoo GmbH & Co. KG)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4218 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1094383403-439006449-3061626430-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{2DF18CA8-86F2-4F3A-A1BF-A2A7D39B9161}) (Version: 7.0.49.127 - Foxit Software Inc.)
Free YouTube Download version 3.2.56.324 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.56.324 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1094383403-439006449-3061626430-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

08-08-2015 16:46:26 Geplanter Prüfpunkt
12-08-2015 17:52:12 Windows Update
20-08-2015 19:57:29 Windows Update
25-08-2015 23:16:58 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2015-06-19 16:57 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com

Da befinden sich 1000 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02155064-7B1D-4EF6-9690-A8A8A917CB37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0256D1E2-E88B-4CC6-A3E3-D211E54E3114} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-08-13] (Acer)
Task: {0EC57C44-EC7F-4996-8E14-D02612687186} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {10ADE5D4-7068-4EBF-B6E5-53CF2E810EDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-07] (Google Inc.)
Task: {1112AB9E-8882-45C1-A23A-3F010E9A9D35} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {18B089BE-9C99-46E5-AA4E-17F0574366CF} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {197DAAAF-B9C5-4899-BE12-0BA49A69A57F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {209758AF-DF40-4A47-AE13-4115CF05CF5E} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {44941B8A-5248-4D14-80EF-A63684FED478} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {4FA3CADA-465C-4D79-9279-54EF734039AE} - System32\Tasks\Opera scheduled Autoupdate 1438367793 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-17] (Opera Software)
Task: {54CE4BF5-A884-48A4-8544-53043A04AA13} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-06-26] (Acer Incorporate)
Task: {57BD7764-375B-4475-ADDF-78C9CA757506} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {57E81BD6-433B-406F-9FBB-332DC1EC4EDE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {638A7B1D-0B3B-4CD7-9175-BEF15580402E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {66945B58-81A8-41D1-8AB8-A21BE9287690} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-07] (Google Inc.)
Task: {863E55FD-9CAC-408A-B75C-2411E76028A4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1094383403-439006449-3061626430-1001UA => C:\Users\Ralf\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {885C75AE-8409-4A10-978D-6289E88A56A6} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {9B652983-3430-4D36-B9CC-21E7868B1625} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A0F14B8A-C7B9-412F-8DF3-8089DF3BBBF9} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-06-10] (Acer Incorporate)
Task: {A609BD60-11DC-4A30-BE18-D3AAEAA84EAF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A6D7C5D1-BCE0-44A4-9655-6880A9FDED05} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1094383403-439006449-3061626430-1001Core => C:\Users\Ralf\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {AE939115-2FF1-4DC2-988A-F906D857BCF1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {B334E4E8-C59C-4B89-AB26-3D72C17A3945} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {BCBCCCFC-C41C-4E61-8389-96006307872D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {C39792A0-FC11-4D48-AC7D-A5D1DFC30B24} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {C7A7393C-212C-4915-B551-28ED45C8D32D} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2015-06-27] (DivX, LLC)
Task: {D7528C53-834E-4467-AAC5-C6169A96AF12} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {E0D397A2-FAC8-4F18-A6A7-8D99A5D889EA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1094383403-439006449-3061626430-1001Core.job => C:\Users\Ralf\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1094383403-439006449-3061626430-1001UA.job => C:\Users\Ralf\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-06-22 16:29 - 2015-06-17 08:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-18 14:32 - 2012-04-24 12:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-04-29 02:38 - 2014-04-29 02:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 02:35 - 2014-04-29 02:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 02:42 - 2014-04-29 02:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-08-18 14:12 - 2013-10-01 11:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-07-17 19:34 - 2015-07-17 19:34 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-07-27 17:46 - 2015-07-27 17:46 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-07-27 17:46 - 2015-07-27 17:46 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-04-07 19:09 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-07 19:09 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-07 19:09 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-07 19:09 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-07 19:09 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-13 16:34 - 2015-06-03 23:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-08-26 18:46 - 2015-08-26 18:46 - 00071168 _____ () c:\users\ralf\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb890fn.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00012800 _____ () C:\Users\Ralf\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00779776 _____ () C:\Users\Ralf\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 04:45 - 2015-08-05 22:49 - 00056320 _____ () C:\Users\Ralf\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00012288 _____ () C:\Users\Ralf\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-07-27 17:47 - 2015-07-27 17:47 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2014-08-18 14:37 - 2014-06-30 21:26 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-08-21 21:04 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 21:04 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-27 17:05 - 2015-07-27 17:05 - 00014176 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-08-21 21:04 - 2015-08-18 07:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Ralf\OneDrive:ms-properties

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7866 mehr eingeschränkte Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1094383403-439006449-3061626430-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{130406D1-07C4-476D-82BF-23A79E7D7574}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{821B74B4-2769-480B-AE03-6B60390C1314}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9BFCCBE6-48D4-49B4-BB1F-9412C74B382B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8ECDBB5B-EF24-4EF0-81F1-59B184FDD734}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{97385329-EEA0-433B-A0A5-E730879ABFE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E6D10CE7-8766-4CD4-8833-0633D2635CA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7C485C57-D3FA-485B-A50D-73480E61064A}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{DF70C66D-803C-4EED-B936-722A4E61DCE0}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{DD0CC646-BA6A-4D44-9145-FC2B8B1BAE73}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{62A14D8F-83BE-49C1-9D18-A863ED39F9ED}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8E82D1FA-FA34-4414-825E-B4E753791A20}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A461E01C-7B25-4A26-BB34-101A3AB7F686}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{F6C8582D-0047-450F-A6C9-3B2AF05EA773}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1345E3FD-68FF-451A-8CF4-505D12CB102A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5268FF1C-5A5F-4DFB-BAD5-806A83EF3C60}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2E8F3667-9F18-4A01-A054-0A8D8ECD5B18}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3ADBE5AC-50DB-4C28-ACE9-C5314BD6FE6C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85001755-5566-4BAC-8A5A-DC789D0C9586}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B3C18168-B905-4FE6-874C-07E87C5D4C1A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D804C160-D48A-42A8-94AA-22ADF35AD664}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E6C2C81B-1194-4511-AC76-D43CAA1D3A0F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D7F63C77-3523-4DA6-9CE5-15C73BF49004}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{8B55C9CA-AC75-4DA9-B18A-213E62906725}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A2E7A8CC-89A8-4434-A4D2-C0A60D266DD9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{D0EAA3E3-4398-4B3C-9593-EB3DA3AA8002}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{BE92252A-7B05-47B7-AEB6-5818BA0A3E29}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{303F9EE1-40F0-4E8F-BC69-983FB2F61F38}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{13D3DA19-7087-4729-A2C1-B6648A4137D1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{687A6F9D-74A6-4A92-95AD-814506C059FF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{42B4F6CB-8FB8-46A8-86A5-FF6D6F70D8B0}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{90DFB974-E985-4A6E-9D28-B133D9DBA647}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{B9951DEA-66CD-4F57-93E2-767347FFD03B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3F1F7675-9095-4526-9732-1F6537132752}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{526077C2-50A7-47CF-A6A3-95251ED3ABED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E471C73F-A10C-4902-876A-BA560199CA44}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{57FF95B3-0C06-44A0-911C-08131DD1B3C1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A30FF616-7C5F-4809-A1C4-60CF3611D2D8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{413BCA13-E6CA-48F8-A211-18D7D78CD060}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{846B5B35-0659-4242-9FD0-6CD8B5AD6F5A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B1B2BA9A-0F1A-488E-A500-0AE4BD5BEA7E}] => (Allow) C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9AA60F71-DC1B-4F58-B8B9-FF91DDC4C721}] => (Allow) C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D95BFF54-FA09-41DC-A424-021B53C354E4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9F59CD70-5B31-40A7-B1CD-88CB2BDE977D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4CF965CC-B9F5-4D1B-9BF8-648B535F4981}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0BC2E3DF-8C81-49CB-BD90-1BA41BA970FA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E3A9DE3E-BB76-4ADC-AB27-6D8D6E03D0B1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2A3E6613-3535-45BC-B07F-9CED2557F2D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0F15E0FB-0D5B-4678-ADDE-D64822CBC9E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BD287B79-1DC7-4F72-800C-38206C0996D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ED10F4A2-A1D4-40A3-B0FC-DA7354FDEC2C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2A4D9C14-B9DA-4F55-AACA-2395B52B21D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C74F4D9-7885-4356-B7D6-AB836575D967}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41412C17-3DE7-425A-85C0-12B73C039B29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{019EBD08-284B-4347-946E-6671192FF324}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2BC9BA08-9DF4-4D0B-AC62-BB36BF80D329}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B931372F-EEB8-4788-BA43-F57A824602E1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{15D73FF3-E14A-409C-96E8-984B75960C18}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A23541CE-9A09-4DCD-B06D-5427B602B3BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4E2BB25C-7DDA-4640-A46A-6B93E7F010EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CDB981F1-995C-42CA-812A-49262E53732A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3EE04089-2529-4D2F-9A15-7CC1D4A69C5A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{93DB14FA-D194-448F-8EE4-FF99F39115F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89E10859-669F-4A1D-AD5D-5E01CA9A4E0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4D792AB7-A748-4B5D-B26E-F309EE229289}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E77016EB-0682-4A03-A302-B2F69CF7DFBA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C2528838-7180-417C-A6B1-CF610BAE51DB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E79EAE2E-A7E1-415A-932A-2CC88AEED812}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B467DB71-512F-4B0B-9B0C-46AC5ABEC1A2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D04FB6D5-ECB4-4D8A-A588-A956D87742A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/25/2015 07:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7125

Error: (08/25/2015 07:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7125

Error: (08/25/2015 07:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2015 07:46:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5812

Error: (08/25/2015 07:46:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5812

Error: (08/25/2015 07:46:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2015 07:46:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4281

Error: (08/25/2015 07:46:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4281

Error: (08/25/2015 07:46:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2015 07:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2890


Systemfehler:
=============
Error: (08/26/2015 04:49:14 PM) (Source: DCOM) (EventID: 10010) (User: RALF-ACER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/26/2015 04:49:14 PM) (Source: DCOM) (EventID: 10010) (User: RALF-ACER)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/26/2015 10:46:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Home

Error: (08/25/2015 11:18:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "User Experience Improvement Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/25/2015 11:18:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/25/2015 11:18:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel® ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/25/2015 11:18:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access RadioMgr Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/25/2015 11:18:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/25/2015 11:18:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/25/2015 11:18:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (08/25/2015 07:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7125

Error: (08/25/2015 07:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7125

Error: (08/25/2015 07:46:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2015 07:46:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5812

Error: (08/25/2015 07:46:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5812

Error: (08/25/2015 07:46:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2015 07:46:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4281

Error: (08/25/2015 07:46:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4281

Error: (08/25/2015 07:46:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/25/2015 07:46:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2890


==================== Speicherinformationen ===========================

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 8115.27 MB
Verfügbarer physikalischer RAM: 4967 MB
Summe virtueller Speicher: 11059.27 MB
Verfügbarer virtueller Speicher: 7230.47 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:118.43 GB) (Free:63.62 GB) NTFS
Drive d: (DATA) (Fixed) (Total:915.33 GB) (Free:570.85 GB) NTFS
Drive f: (WD 640) (Fixed) (Total:596.17 GB) (Free:72.56 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 9BE11E46)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9BE111A9)

Partition: GPT.

========================================================
Disk: 2 (Size: 596.2 GB) (Disk ID: ACDD9B22)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Das wars erstmal :)
Neuland für den alten Mann ^^

cosinus 26.08.2015 22:56
Neuland ist für die Merkels da draußen, aber nicht für Fressbacken :blabla:

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Fressbacke 26.08.2015 23:22
Liste der Anhänge anzeigen (Anzahl: 2)
So, das hat auch geklappt:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
durchgeführt von Ralf (2015-08-27 00:13:54) Run:1
Gestartet von C:\Users\Ralf\Desktop\SECURITY
Geladene Profile: Ralf (Verfügbare Profile: Ralf & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
EmptyTemp:
*****************

EmptyTemp: => 927.8 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden..

==== Ende von Fixlog 00:13:56 ====

Interessant ist, dass die Werbefenster u. a. dann kommen, wenn man mit dem Mauszeiger auf manchen Seiten (auch auf Eurer) über ein Bild geht. Auf Facebook z. B. ist das nicht so. Siehe Bild im Anhang.

Malwarebytes sagt in DEM Moment dann auch, das jemand Böses mit meinem Lap reden möchte (Prozesse Kaspersky und Google Chrome, mehrere Meldungen hintereinander) - siehe 2. Bild.

cosinus 26.08.2015 23:26
Erstell dir mal ein neues Profil und teste:

Firefox => http://support.mozilla.com/de/kb/Profile%20verwalten
Chrome => https://support.google.com/chrome/answer/3296214?hl=de

Fressbacke 26.08.2015 23:59
Bei beiden Browsern die alten Profile gelöscht und neue gemacht ...
Und nein ... es ändert sich nix ... siehe screenshot im Anhang ...

Fressbacke 27.08.2015 00:01
Liste der Anhänge anzeigen (Anzahl: 1)
ähm ja ... Bild nun hier

cosinus 27.08.2015 00:31
Wie bei beiden :wtf: ich weiß doch, dass normalerweise Chrome immer Ärger macht :p

Fressbacke 27.08.2015 00:34
Oh sorry, das war missverständlich von mir.

Ich nutze standardmäßig den Chrome, da der an sich von mir geschätzte Firefox manchmal Probleme (mit Flash-basierten Browserspielen) macht.

Der Fuchs ist sauber ..... Chrome wäre aber viel wichtiger, leider.

cosinus 27.08.2015 01:01
Das ist ein typisches Chrome-Problem. Hau den mal komplett raus. Und immer nur die Setups vom Hersteller laden, helfen kann dir dabei unser Downloadportal FilePony.de

(aber Vorsicht, Werbung is da auch :D )

Fressbacke 27.08.2015 01:06
Das hatte ich eh als nächsten Schritt vor ...
Wobei, wenn ich mich recht erinnere, die jetzige Version von der google-seite ist.
Ich frage mich, ob die kurzzeitige Installation von Coowon irgendwas reingeschossen hat, basiert ja auf Chrome. Den hab ich wieder runter weil er mir teilweise kein fullscreen anzeigen wollte.
Ich werde berichten ;)

Und DANKE schon mal!

Manchmal fühle ich mich an SINIX-Zeiten erinnert ^^

cosinus 27.08.2015 01:10
Zitat:
Zitat von Fressbacke (Beitrag 1507606)
Manchmal fühle ich mich an SINIX-Zeiten erinnert ^^
Oh Gott :eek: ich dachte erst du meinst XENIX :zzwhip:

Fressbacke 27.08.2015 01:30
Hehe - ja, SINIX ist ja der Siemens-Abkömmling von Unix / Xenix.
War jahrelang bei Behörden im Einsatz ... großes Kino für den User teilweise :headbang:

Chrome neu installiert - vorher alles runter, Scan mit Malwarebytes brachte "null".

Der kleine Prinz scheint nun sauber zu sein :daumenhoc

Merci vielmals


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:33 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19