Malware (?), 2nd. rundll32.exe (syswow64) consumes CPU.



#1 Robertbert

Posted 08 January 2017 - 09:29 PM

Good evening,

I have a problem with my laptop. It became slow as f*** and every task is delayed; something is using my CPU for no reason. I can't tell when exactly this started, because this is my "reserve" computer.

One problem was, at least I thought so, caused by svchost.exe (netsvcs), specifically wuaueng.dll. Deactivating Windows Update didn't change that.

But while digging into the problem, Malwarebytes showed me that the "rundll32.exe" in syswow64 is trying to open/connect to websites. I wanted to solve this problem on my own, but Google wasn't helpful. So I really hope you can help me.

As you might have suspected, English is not my mother tongue, so if something is unclear please let me know and I will try my best to give you all the information needed.

I used the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

Thanks a lot!

FRST

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
durchgeführt von Robert (Administrator) auf ROBERTLAPTOP (09-01-2017 02:45:21)
Gestartet von C:\Users\Robert\Downloads
Geladene Profile: Robert &  (Verfügbare Profile: Robert)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2017-01-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61640 2016-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000] => localhost:8080
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:8080
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603] => localhost:8080
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4299E384-6288-4B2B-B6F3-5C3530462C9F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\go50fqdt.default-1457918395726 [2017-01-09]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\go50fqdt.default-1457918395726\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-05]
FF Extension: (Click to call with Skype) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-10-29] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-05] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-06-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-05] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017020114603: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01092017021558147: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (Google Präsentationen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Google-Suche) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcnhmeicafddjdaeecddemnhnomiaai [2015-01-06]
CHR Extension: (Google Tabellen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Google Mail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [Datei ist nicht signiert]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-05] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2017-01-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2017-01-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-19] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-08] (Malwarebytes)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S1 ArcSec; system32\drivers\ArcSec.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-09 02:45 - 2017-01-09 02:46 - 00028978 _____ C:\Users\Robert\Downloads\FRST.txt
2017-01-09 02:40 - 2017-01-09 02:45 - 00000000 ____D C:\FRST
2017-01-09 00:42 - 2017-01-09 00:42 - 02419200 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2017-01-08 22:22 - 2017-01-08 23:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-08 22:21 - 2017-01-08 23:33 - 00000000 ____D C:\Users\Robert\Desktop\mbar
2017-01-08 22:18 - 2017-01-08 22:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Robert\Downloads\mbar-1.09.3.1001.exe
2017-01-08 20:38 - 2017-01-08 20:38 - 00000000 _____ C:\Windows\SysWOW64\sho7D01.tmp
2017-01-08 20:08 - 2017-01-08 20:08 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-08 20:07 - 2017-01-08 23:47 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-08 20:07 - 2017-01-08 20:45 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 20:07 - 2017-01-08 20:45 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-08 20:07 - 2017-01-08 20:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-08 20:07 - 2017-01-08 20:07 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-08 20:07 - 2017-01-08 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 20:07 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-08 20:06 - 2017-01-08 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 20:06 - 2017-01-08 20:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 20:04 - 2017-01-08 20:05 - 00000085 _____ C:\Windows\wininit.ini
2017-01-08 19:31 - 2017-01-08 19:31 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 19:26 - 2017-01-08 19:26 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-01-08 19:25 - 2017-01-08 20:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-08 18:45 - 2016-11-18 07:18 - 01457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Robert\Downloads\procexp64.exe
2017-01-08 15:55 - 2017-01-08 16:03 - 00000000 ____D C:\Users\Robert\Caro Fotos
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Steam
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Chromium
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\CEF
2017-01-05 20:55 - 2017-01-09 02:41 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2017-01-05 20:44 - 2017-01-05 20:44 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-01-05 20:36 - 2017-01-09 01:10 - 00000000 ____D C:\Users\Robert\AppData\Roaming\StardewValley
2017-01-05 20:21 - 2017-01-05 20:21 - 00000222 _____ C:\Users\Robert\Desktop\Stardew Valley.url
2017-01-05 20:19 - 2017-01-05 20:19 - 00001140 _____ C:\Users\Public\Desktop\Avira Connect.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-09 02:38 - 2013-03-17 18:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-09 01:57 - 2015-01-13 18:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-09 00:37 - 2012-11-16 18:25 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000UA.job
2017-01-08 20:54 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-08 20:54 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-08 20:50 - 2010-09-10 16:37 - 00700134 _____ C:\Windows\system32\perfh007.dat
2017-01-08 20:50 - 2010-09-10 16:37 - 00149984 _____ C:\Windows\system32\perfc007.dat
2017-01-08 20:50 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-08 20:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-08 20:39 - 2013-08-06 18:32 - 00000314 _____ C:\Windows\Tasks\LXVSXTINV.job
2017-01-08 20:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-08 20:05 - 2012-10-18 14:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-08 18:44 - 2012-09-17 19:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Downloaded Installations
2017-01-08 18:37 - 2012-11-16 18:25 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000Core.job
2017-01-08 15:55 - 2010-10-31 17:51 - 00000000 ____D C:\Users\Robert
2017-01-06 18:27 - 2016-05-20 13:46 - 00000000 ____D C:\Users\Robert\AppData\Local\ElevatedDiagnostics
2017-01-06 18:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-06 18:20 - 2016-10-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-06 18:20 - 2014-11-18 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-05 21:57 - 2015-01-13 18:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-05 21:57 - 2015-01-13 18:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-05 21:57 - 2015-01-13 18:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-05 21:57 - 2012-06-18 02:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-05 21:57 - 2010-05-07 00:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-05 21:10 - 2014-11-18 21:57 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-05 21:10 - 2014-11-18 21:57 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-05 20:57 - 2014-06-18 15:03 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2017-01-05 20:54 - 2014-11-18 21:54 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-05 20:54 - 2014-11-18 21:54 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-05 20:36 - 2010-10-31 19:09 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-05 20:36 - 2010-10-31 19:09 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-05 20:33 - 2015-04-14 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-05 20:24 - 2016-10-22 07:11 - 00035864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-01-05 20:24 - 2013-08-16 20:29 - 00176464 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-01-05 20:24 - 2013-08-16 20:29 - 00148032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-01-05 20:19 - 2014-08-07 12:58 - 00000000 ____D C:\ProgramData\Package Cache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-07-29 00:35 - 2015-07-29 00:35 - 6420480 _____ () C:\Program Files (x86)\GUT290.tmp
2014-02-09 13:11 - 2014-02-09 13:11 - 0003584 _____ () C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-01 04:09 - 2014-04-01 04:09 - 0297400 _____ (VuuPC Limited) C:\Users\Robert\AppData\Local\nsw7887.tmp
2014-11-09 19:18 - 2014-11-09 19:18 - 0007625 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2010-05-07 00:57 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-08-01 03:33

==================== Ende von FRST.txt ============================

#2 Jo*

Jo*

  • Malware Response Team

Posted 09 January 2017 - 06:40 AM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Your log shows a proxy server.
Did you know that / did you make those settings?
 

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file. OK the self-extracting prompt.
  • MBAR will start. On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Edited by Jo*, 09 January 2017 - 11:54 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Robertbert

Robertbert
  • Topic Starter


Posted 09 January 2017 - 05:33 PM

Hey Jo,

Thanks for helping me out. I did everything you said. And no, I was not aware of proxies.

 

1. The security check log:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 111  
 Java version 32-bit out of Date!
 Adobe Flash Player 24.0.0.186  
 Adobe Reader XI  
 Mozilla Firefox (50.1.0)
 Google Chrome (55.0.2883.87)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

 

 

2. Malware rootkit found nothing

 

3.

# AdwCleaner v6.042 - Bericht erstellt am 09/01/2017 um 23:29:00
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-09.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Robert - ROBERTLAPTOP
# Gestartet von : C:\Users\Robert\Downloads\AdwCleaner.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Ordner Gefunden: C:\Program Files (x86)\foxtabvideoconverter
Ordner Gefunden: C:\Program Files (x86)\Pando Networks\Media Booster


***** [ Dateien ] *****

Datei Gefunden: C:\Users\Robert\AppData\Local\Microsoft\Internet Explorer\DOMStore\AF6NHCPC\premierdownloadmanager.dl.myway[1].xml
Datei Gefunden: C:\Users\Robert\AppData\Local\Microsoft\Internet Explorer\DOMStore\3A77ASPJ\sendfilesfree.dl.myway[1].xml


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\premierdownloadmanager.dl.myway.com
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\sendfilesfree.dl.myway.com
Schlüssel Gefunden: HKU\S-1-5-21-3354662138-887630912-1369600505-1000\Software\Softonic
Schlüssel Gefunden: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Softonic
Schlüssel Gefunden: HKCU\Software\Softonic
Schlüssel Gefunden: [x64] HKCU\Software\Softonic
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
Schlüssel Gefunden: HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Chrome pref Gefunden: [C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - aaaaacalgebmfelllfiaoknifldpngjh

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [8355 Bytes] - [15/11/2014 23:58:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [7701 Bytes] - [16/11/2014 00:03:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [2928 Bytes] - [09/01/2017 23:29:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3001 Bytes] ##########
 


Edited by Robertbert, 09 January 2017 - 05:36 PM.


#4 Jo*


Posted 09 January 2017 - 06:03 PM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Double-click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double-click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Step 4: How is the computer running now?


***


Step 5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
---



#5 Robertbert


Posted 09 January 2017 - 06:33 PM

Hello,

 

Sorry, but I already did the Adw cleaning, and while cleaning I accidentally shut it down (no electricity). When I started the PC again I re-ran AdwCleaner and nothing was found.

At the moment I am running Malwarebytes Anti-Rootkit. Shall I continue with step 2 (AdwCleaner.exe) and the following steps you suggested?



#6 Jo*


Posted 09 January 2017 - 06:43 PM

When the Malwarebytes Anti-Rootkit scan is done, skip AdwCleaner and continue with steps 3, 4 and 5.
Thanks.



#7 Robertbert


Posted 09 January 2017 - 08:30 PM

Malwarebytes found nothing!

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Robert (Administrator) on 10.01.2017 at  1:29:34,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 33

Successfully deleted: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\go50fqdt.default-1457918395726\extensions\trash (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\GUT290.tmp (File)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PYQAE7H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ISF2RK6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J4UQZC2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU3O94KM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Robert\AppData\Local\nsw7887.tmp (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PYQAE7H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ISF2RK6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J4UQZC2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU3O94KM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho4485.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho5A87.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho5EB0.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho65E5.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho6848.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho6CEE.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho7031.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho7D01.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho8A39.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho9489.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoA54.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoE107.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoECC9.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2017 at  1:39:26,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

It feels faster already, I think.

 

 

 

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-01-2017
durchgeführt von Robert (10-01-2017 02:05:04)
Gestartet von C:\Users\Robert\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-10-31 16:51:29)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3354662138-887630912-1369600505-500 - Administrator - Disabled)
Gast (S-1-5-21-3354662138-887630912-1369600505-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3354662138-887630912-1369600505-1002 - Limited - Enabled)
Robert (S-1-5-21-3354662138-887630912-1369600505-1000 - Administrator - Enabled) => C:\Users\Robert

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1996373246.48.56.4008682 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Command & Conquer Alarmstufe Rot 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Command && Conquer Alarmstufe Rot 2 - Yuris Rache (HKLM-x32\...\Yuri's Revenge) (Version:  - )
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Die Schlacht um Mittelerde™ (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version:  - )
Die Völker (HKLM-x32\...\Die Völker) (Version:  - )
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM-x32\...\WOLAPI) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stardew Valley (HKLM-x32\...\Steam App 413150) (Version:  - ConcernedApe)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {194A528E-A242-4DEA-8537-4D17D8F04159} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {1CC03C66-2C0B-46B4-8906-3391E2247ECB} - System32\Tasks\{F921BEC6-DAF6-480F-AB96-05F3B44F2371} => C:\Users\Robert\Desktop\Spiele\Valve\hl.exe [2003-12-12] (Valve)
Task: {21C42F06-CA9D-459C-8B55-7322E05EBC9A} - System32\Tasks\{7C9C83D8-3ABA-4A93-A0C1-2FF1E5E52977} => pcalua.exe -a D:\setup.exe -d D:\
Task: {2F989ED7-8540-4028-B4B0-8EC6A946FD88} - System32\Tasks\LXVSXTINV => Rundll32.exe "C:\Windows\SysWOW64\C_10001H.dll",NHHBGJGVP
Task: {303E9713-32E9-40F9-B5F8-272B6C7584A2} - System32\Tasks\{F40D67C0-4279-4581-AC18-45D09739FF01} => pcalua.exe -a C:\Users\Robert\Downloads\world_in_conflict_1.000_to_1.010_de.exe -d C:\Users\Robert\Downloads
Task: {416A2B7D-68EA-4B2F-AFF6-B9D6D704C303} - System32\Tasks\{FBE9B1BF-41F4-4D1C-80B2-1EB5C3470678} => pcalua.exe -a C:\Windows\IsUn0407.exe -c -f"C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files (x86)\Common Files\3DO Shared\3DOUnInst.dll
Task: {43B49424-4D12-425A-8802-55003B694FFF} - System32\Tasks\{1F3C7839-6246-488D-BC65-F1F5125CC0BA} => C:\Users\Robert\Desktop\Spiele\Valve\hl.exe [2003-12-12] (Valve)
Task: {461AA158-E276-47A7-8E50-D309E2CBD467} - System32\Tasks\{34CE1536-D409-4EA4-914A-23462EB258EA} => pcalua.exe -a C:\Users\Robert\Downloads\world_in_conflict_1.010_to_1.011_de.exe -d C:\Users\Robert\Downloads
Task: {4CDD5196-3B8D-4B6A-839D-C2FB51C24C27} - System32\Tasks\{4D81DD00-E1DC-4197-BE9F-8DB73650E717} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}\ICQ7.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {4EBF17D7-3CF8-4018-8315-36B4F648F80A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {509189F6-B2E9-43EE-86C9-1D8EC600A3B7} - System32\Tasks\{C6E95E08-707B-4D80-ABD9-096517FDB691} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsMain
Task: {557DA7E3-2DE6-4759-A746-8CF0769FAD99} - System32\Tasks\{759F6D96-0445-48FE-A305-B3CD554CA582} => pcalua.exe -a C:\Users\Robert\EAUninstall.exe
Task: {65346C20-1861-4CB9-B2CA-598DE585C380} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000UA => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {7AAD53C4-9065-4D34-B925-0052D4EA4EBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8943442E-49E2-41E8-ADDC-D1F8F865AC7E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {8BF554A4-A9C3-4D43-887D-70F7B245815F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {8D138C3E-F7CC-4A5C-9716-68A25D165F18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-05] (Adobe Systems Incorporated)
Task: {979550E1-EA0A-46F8-898C-7D3D88C6BBAB} - System32\Tasks\{BB4C1846-BAD8-44CA-8D3A-F3AA691B4411} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {A2A8BFCC-D7EA-403E-8251-C4A2086973AC} - System32\Tasks\{AE1FE87C-44F4-42D4-9154-8F40FA65C567} => C:\Users\Robert\Desktop\Spiele\Valve\hl.exe [2003-12-12] (Valve)
Task: {BA2232D5-30F9-47B1-BA2C-71A116939012} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {DFBBEAD1-6F78-4416-8483-3ECA37F7295A} - System32\Tasks\{26EB9473-F777-4B3A-BC72-832E011566D9} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
Task: {DFFBCCD8-9ADC-4DC3-B5F9-21D05149A622} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000Core => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {ED1D1698-99D7-489D-8129-FEBB95F3A654} - System32\Tasks\{C0EAF9F2-A347-451A-A13C-BA48A0CF3E8D} => pcalua.exe -a D:\autorun.exe -d D:\

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000Core.job => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000UA.job => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\LXVSXTINV.job => rundll32.exe  C:\Windows\SysWOW64\C_10001H.dll

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-01-30 14:52 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-10-05 20:11 - 2013-04-05 15:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-01-08 20:07 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-08 20:07 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-08 20:07 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:798A3728 [130]
AlternateDataStreams: C:\ProgramData\Temp:93DE1838 [136]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3354662138-887630912-1369600505-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: Onguv => C:\Users\Robert\AppData\Roaming\Sykeil\efup.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{0369B514-7B69-4C9B-87B2-303293472E92}] => C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A5B332B7-F86E-4F5A-9CCA-235F7510F23E}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D71860BE-E3F8-441A-A7A8-C02552BBCE0D}] => svchost.exe
FirewallRules: [{6C901340-7345-4585-A75E-9FC15E8A16E5}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{402AA36D-8329-4675-A7D6-975B82DD4C67}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BCBCF46E-1DD7-418B-82BF-4AF384264981}] => C:\Program Files (x86)\Codemasters\F1 2010\F1_2010_game.exe
FirewallRules: [{2F3617CC-0851-4EEA-A68E-464D27FFFE84}] => C:\Program Files (x86)\Codemasters\F1 2010\F1_2010_game.exe
FirewallRules: [{9857643A-D112-471B-913B-BE4C3B0818A5}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic.exe
FirewallRules: [{BF75BBFD-533B-4E2C-9097-F7B0BB84072C}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic.exe
FirewallRules: [{60869DB3-7486-47B4-B9F8-6FC078B0AF0F}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe
FirewallRules: [{069A4BB0-3A61-4920-A7CE-F4072901B5C4}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe
FirewallRules: [{28450C56-D563-428B-AF3C-258F010C3D79}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe
FirewallRules: [{509082FC-6DB8-4AFF-9591-F8D63C3EC476}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe
FirewallRules: [{B495D6EC-9DFE-498F-B9FD-E44FDFDCC2F1}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{AE9BF5A1-F0E3-4C48-AE0B-B4236768FB58}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{76AC0227-A81D-4F0D-93ED-297F774C2187}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{D833D6FF-DDFC-4C0C-8AF0-5A36030FEA96}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BC5B3CEC-0289-463C-9B8E-A89650FD39D7}C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe
FirewallRules: [UDP Query User{CDF600E5-9C53-4FE0-9443-72FC1F068037}C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe
FirewallRules: [TCP Query User{266748DF-4478-4350-833A-FEC07B65D413}C:\westwood\c&c95\cncnet.exe] => C:\westwood\c&c95\cncnet.exe
FirewallRules: [UDP Query User{7AD0D820-AD6F-4040-97F6-201DD1D2F164}C:\westwood\c&c95\cncnet.exe] => C:\westwood\c&c95\cncnet.exe
FirewallRules: [TCP Query User{24C03EDE-C160-4688-A08E-131AF181A56B}C:\westwood\c&c95\c&c95.exe] => C:\westwood\c&c95\c&c95.exe
FirewallRules: [UDP Query User{5023F731-C46D-49BE-A8AC-86C18FC7B7E4}C:\westwood\c&c95\c&c95.exe] => C:\westwood\c&c95\c&c95.exe
FirewallRules: [{2CE17667-ED57-491D-9D39-FDABE0AFA5CA}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{D88862CA-E46B-4CCF-9921-F857E4C3F503}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{AAAF6617-2A42-4EC4-8FF5-AB563E092943}C:\program files (x86)\tmunitedforever\tmforever.exe] => C:\program files (x86)\tmunitedforever\tmforever.exe
FirewallRules: [UDP Query User{AA2C671B-AA46-4ABA-8A4D-0FDF93CAD061}C:\program files (x86)\tmunitedforever\tmforever.exe] => C:\program files (x86)\tmunitedforever\tmforever.exe
FirewallRules: [TCP Query User{9873169B-083E-4947-A5DB-AFCAFF89C73B}C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe] => C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe
FirewallRules: [UDP Query User{E07C41A6-9798-4F26-8B90-56E08520B35C}C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe] => C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe
FirewallRules: [TCP Query User{95014A7A-B46D-4B6D-8606-4CDDDF3E61BA}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{6AFA9354-ECE2-48A5-B078-DEBB58FBFEB3}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8E6AC588-449A-42F4-872C-2194298A3C76}C:\users\robert\desktop\spiele\valve\hl.exe] => C:\users\robert\desktop\spiele\valve\hl.exe
FirewallRules: [UDP Query User{C3929860-D16D-4426-A1F8-68A0C3F1A57F}C:\users\robert\desktop\spiele\valve\hl.exe] => C:\users\robert\desktop\spiele\valve\hl.exe
FirewallRules: [TCP Query User{1DBB9404-3AEC-4A6B-8632-B5C6E87678E2}F:\spiele\soldat\soldat.exe] => F:\spiele\soldat\soldat.exe
FirewallRules: [UDP Query User{BC5918B5-531D-40EB-A27E-BB198622884E}F:\spiele\soldat\soldat.exe] => F:\spiele\soldat\soldat.exe
FirewallRules: [TCP Query User{5393BD87-9935-42F1-ABEE-A9F678D98822}C:\users\robert\desktop\spiele\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\warcraft iii\war3.exe
FirewallRules: [UDP Query User{D5BBEB8E-94FC-454C-BC67-329E26191361}C:\users\robert\desktop\spiele\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\warcraft iii\war3.exe
FirewallRules: [TCP Query User{6E929088-6384-41B4-9B84-4389252E0DB6}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{7E76E2D3-706C-402B-91A6-B1C1FEDB6B80}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{7ABAA210-AC46-4062-B675-6913ABCC9E06}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{170C59E6-A3B0-4CBE-B27F-AA6926CAFE77}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{853D9254-AA5A-4140-94DD-59DFC9F9B5DD}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{2CB9B5D0-3372-4937-A7F5-2C755BCC6908}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{20997A20-955F-4B02-BACE-A3D3D34CA39B}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{E5119369-0B74-42A2-85B4-DC0DE526C15B}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{4E6D848B-5172-4D3D-B452-A38C9373EF41}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2DE32AB6-C739-4970-9527-1429BB973E09}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D9DBA767-6CD4-46D5-A6C9-443FCDFD5E7C}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{D85D71E4-8C31-4FF1-933F-290404E4873E}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{8E50F9DA-8E63-4EF4-982F-F69ED3319C9B}] => LPort=2869
FirewallRules: [{5FAFDDF5-56CA-46D9-82C9-1BE58C2A3642}] => LPort=1900
FirewallRules: [{F2238305-6CB4-4992-8D6B-26717C0C9ABF}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F976FBFF-3052-428D-B79C-64E390182F96}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{75042208-D466-4552-9CD5-BE09201E9184}C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe] => C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe
FirewallRules: [UDP Query User{C8C712AF-226E-4D58-BC1D-14922E7DCA30}C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe] => C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe
FirewallRules: [{F556C798-AEEF-46EF-9285-B68BA00366A2}] => C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78D783B4-6DDE-44F0-85C2-20DE5295D196}] => C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{344EE8F7-B0FF-4672-A74D-3211E68BF448}C:\program files (x86)\steam\steam.exe] => C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{8FF4A34E-9A06-484A-A848-585503FAFBA0}C:\program files (x86)\steam\steam.exe] => C:\program files (x86)\steam\steam.exe
FirewallRules: [{545CE44B-E990-4FCB-8CAA-B0386F751137}] => C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{9728A747-6A59-47D1-A25D-60850F79C933}] => C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{9BFD6646-4F90-45FA-90CC-313313E6C14D}] => C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B6350B8E-56AC-4607-9813-72EC47D89914}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{A041F61B-B8FF-41B0-AFF3-414EEE9F11A5}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{80747182-A972-436B-88C9-715DD35616CF}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{37003D26-B737-4C1F-B1FB-B54FE0E0EA90}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21B035F5-28B8-408F-A965-E890EC626A09}] => C:\Program Files (x86)\EA GAMES\Die Schlacht um Mittelerde™\game.dat
FirewallRules: [{FCF40A3D-C487-4504-8EB5-4A988C068CC3}] => C:\Program Files (x86)\EA GAMES\Die Schlacht um Mittelerde™\game.dat
FirewallRules: [{BB739ABE-5D11-40E0-B102-2522BE86D73E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{653DAF3F-DE62-4833-A3CD-6D2D467565CB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E695658C-5A6D-4AAA-814D-200491C4B824}] => C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{6A77DD2D-F0C5-43CC-A55F-3C0455BA3160}] => C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{A4854C9D-C97D-49E3-8ED9-E6031D45AF18}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{497BB64E-3A52-4B7A-B1BE-CCB2ED175539}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{91BF4DB4-C725-485C-9178-F6AF51CC6A5D}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BDB23C12-CBEF-47EB-A4CA-D5D0891B5327}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BEAF2D3B-4890-43E4-9CCD-42653773F17C}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F423CB39-17A1-4C79-82ED-E90BBA50763B}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FA921233-80B1-479C-9CE3-729B2BA00F20}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E80B26AC-ADAF-4AC2-8DBE-7E07CEE1876F}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{092C9983-FC57-4D86-8D00-56B62D643668}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{EB392683-C998-4187-B651-CBF1AF7842E2}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D14A2263-34CC-42CF-9D94-C8F8D87D1B20}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3368BED6-D62C-4591-9A1C-1DB57FC9A725}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{74B0A1F7-A056-4B0A-AC1A-1D80D18B58AE}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{9DF748DE-0E7F-4D21-AA41-9E50F42B6DD9}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{24B2DC67-38AE-449B-AC43-E3F8B33935A4}] => C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{CC734BB8-20B2-4DC1-8363-D9B3DB2D082F}] => C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{84BDE66B-ABB1-463F-84FB-820E72ED572A}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1252E300-7D97-4786-8146-25BDAE0AC124}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{ECB815B0-0E7A-4C8C-8DD6-0346BEB48DE0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C7C34811-7F6D-4CD7-95F9-A004DDA8CFA9}] => LPort=30509

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: ArcSec
Description: ArcSec
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ArcSec
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Power Control [2010/09/10 07:52:04]
Description: Power Control [2010/09/10 07:52:04]
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/10/2017 02:10:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.1.0.388, Zeitstempel: 0x58320f73
Name des fehlerhaften Moduls: MBAMCore.dll, Version: 3.0.0.510, Zeitstempel: 0x584f274d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000354c8
ID des fehlerhaften Prozesses: 0xf10
Startzeit der fehlerhaften Anwendung: 0x01d26ac9547a5c67
Pfad der fehlerhaften Anwendung: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Pfad des fehlerhaften Moduls: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Berichtskennung: 89655cbe-d6d1-11e6-ba5a-8cc1ea36f4ba

Error: (01/10/2017 12:12:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23418, Zeitstempel: 0x5708a73e
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00082479
ID des fehlerhaften Prozesses: 0x1750
Startzeit der fehlerhaften Anwendung: 0x01d26acc2aa3a08d
Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 24e1d747-d6c1-11e6-ba5a-8cc1ea36f4ba

Error: (01/09/2017 11:50:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (01/09/2017 11:40:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (01/09/2017 11:40:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/09/2017 11:40:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/09/2017 11:40:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/09/2017 11:40:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/09/2017 11:40:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/09/2017 11:40:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}


Systemfehler:
=============
Error: (01/10/2017 02:13:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/10/2017 12:47:44 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/10/2017 12:41:06 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/10/2017 12:34:06 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/09/2017 11:41:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/09/2017 11:41:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/09/2017 11:41:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/09/2017 11:41:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Peernetzwerkidentitäts-Manager erreicht.

Error: (01/09/2017 11:40:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ArcSec

Error: (01/09/2017 11:39:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 3956.5 MB
Verfügbarer physikalischer RAM: 2276.22 MB
Summe virtueller Speicher: 7911.18 MB
Verfügbarer virtueller Speicher: 5350.35 MB

==================== Laufwerke ================================

Drive c: (ACER) (Fixed) (Total:452.48 GB) (Free:65.92 GB) NTFS
Drive d: (YR1) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5E435E43)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
durchgeführt von Robert (Administrator) auf ROBERTLAPTOP (10-01-2017 02:01:16)
Gestartet von C:\Users\Robert\Downloads
Geladene Profile: Robert &  (Verfügbare Profile: Robert)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2017-01-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61640 2016-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000] => localhost:8080
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:8080
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4299E384-6288-4B2B-B6F3-5C3530462C9F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\go50fqdt.default-1457918395726 [2017-01-10]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\go50fqdt.default-1457918395726\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-05]
FF Extension: (Click to call with Skype) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-10-29] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-05] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-06-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-05] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (Google Präsentationen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Google-Suche) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcnhmeicafddjdaeecddemnhnomiaai [2015-01-06]
CHR Extension: (Google Tabellen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Google Mail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [Datei ist nicht signiert]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-05] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2017-01-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2017-01-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-19] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-09] (Malwarebytes)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S1 ArcSec; system32\drivers\ArcSec.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-10 01:39 - 2017-01-10 01:39 - 00004336 _____ C:\Users\Robert\Desktop\JRT.txt
2017-01-10 01:24 - 2017-01-10 01:24 - 01663040 _____ (Malwarebytes) C:\Users\Robert\Downloads\JRT.exe
2017-01-09 22:35 - 2017-01-09 22:36 - 03988944 _____ C:\Users\Robert\Downloads\AdwCleaner.exe
2017-01-09 22:02 - 2017-01-09 22:02 - 00001091 _____ C:\Users\Robert\Desktop\checkup.txt
2017-01-09 21:10 - 2017-01-09 21:10 - 00852798 _____ C:\Users\Robert\Downloads\SecurityCheck.exe
2017-01-09 02:47 - 2017-01-09 02:55 - 00052163 _____ C:\Users\Robert\Downloads\Addition.txt
2017-01-09 02:45 - 2017-01-10 02:03 - 00024650 _____ C:\Users\Robert\Downloads\FRST.txt
2017-01-09 02:40 - 2017-01-10 02:01 - 00000000 ____D C:\FRST
2017-01-09 00:42 - 2017-01-09 00:42 - 02419200 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2017-01-08 22:22 - 2017-01-10 01:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-08 22:21 - 2017-01-10 01:22 - 00000000 ____D C:\Users\Robert\Desktop\mbar
2017-01-08 22:18 - 2017-01-08 22:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Robert\Downloads\mbar-1.09.3.1001.exe
2017-01-08 20:08 - 2017-01-08 20:08 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-08 20:07 - 2017-01-09 23:42 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-08 20:07 - 2017-01-09 23:41 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 20:07 - 2017-01-09 23:41 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-08 20:07 - 2017-01-09 23:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-08 20:07 - 2017-01-08 20:07 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-08 20:07 - 2017-01-08 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 20:07 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-08 20:06 - 2017-01-08 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 20:06 - 2017-01-08 20:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 19:31 - 2017-01-08 19:31 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 19:26 - 2017-01-08 19:26 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-01-08 19:25 - 2017-01-08 20:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-08 18:45 - 2016-11-18 07:18 - 01457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Robert\Downloads\procexp64.exe
2017-01-08 15:55 - 2017-01-08 16:03 - 00000000 ____D C:\Users\Robert\Caro Fotos
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Steam
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Chromium
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\CEF
2017-01-05 20:55 - 2017-01-10 01:41 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2017-01-05 20:44 - 2017-01-05 20:44 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-01-05 20:36 - 2017-01-09 01:10 - 00000000 ____D C:\Users\Robert\AppData\Roaming\StardewValley
2017-01-05 20:21 - 2017-01-05 20:21 - 00000222 _____ C:\Users\Robert\Desktop\Stardew Valley.url
2017-01-05 20:19 - 2017-01-05 20:19 - 00001140 _____ C:\Users\Public\Desktop\Avira Connect.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-10 01:57 - 2015-01-13 18:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-10 01:30 - 2013-08-06 18:32 - 00000314 _____ C:\Windows\Tasks\LXVSXTINV.job
2017-01-10 00:37 - 2012-11-16 18:25 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000UA.job
2017-01-09 23:48 - 2014-11-15 23:57 - 00000000 ____D C:\AdwCleaner
2017-01-09 23:48 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-09 23:48 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-09 23:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-09 23:36 - 2012-06-23 18:50 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2017-01-09 12:55 - 2010-09-10 16:37 - 00700134 _____ C:\Windows\system32\perfh007.dat
2017-01-09 12:55 - 2010-09-10 16:37 - 00149984 _____ C:\Windows\system32\perfc007.dat
2017-01-09 12:55 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-09 12:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-09 02:38 - 2013-03-17 18:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-08 20:05 - 2012-10-18 14:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-08 18:44 - 2012-09-17 19:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Downloaded Installations
2017-01-08 18:37 - 2012-11-16 18:25 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000Core.job
2017-01-08 15:55 - 2010-10-31 17:51 - 00000000 ____D C:\Users\Robert
2017-01-06 18:27 - 2016-05-20 13:46 - 00000000 ____D C:\Users\Robert\AppData\Local\ElevatedDiagnostics
2017-01-06 18:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-06 18:20 - 2016-10-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-06 18:20 - 2014-11-18 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-05 21:57 - 2015-01-13 18:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-05 21:57 - 2015-01-13 18:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-05 21:57 - 2015-01-13 18:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-05 21:57 - 2012-06-18 02:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-05 21:57 - 2010-05-07 00:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-05 21:10 - 2014-11-18 21:57 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-05 21:10 - 2014-11-18 21:57 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-05 20:57 - 2014-06-18 15:03 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2017-01-05 20:54 - 2014-11-18 21:54 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-05 20:54 - 2014-11-18 21:54 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-05 20:36 - 2010-10-31 19:09 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-05 20:36 - 2010-10-31 19:09 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-05 20:33 - 2015-04-14 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-05 20:24 - 2016-10-22 07:11 - 00035864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-01-05 20:24 - 2013-08-16 20:29 - 00176464 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-01-05 20:24 - 2013-08-16 20:29 - 00148032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-01-05 20:19 - 2014-08-07 12:58 - 00000000 ____D C:\ProgramData\Package Cache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-02-09 13:11 - 2014-02-09 13:11 - 0003584 _____ () C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 19:18 - 2014-11-09 19:18 - 0007625 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2010-05-07 00:57 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-08-01 03:33

==================== Ende von FRST.txt ============================



#8 Robertbert

Robertbert
  • Topic Starter

  • Members
  • 10 posts

Posted 09 January 2017 - 08:36 PM

Another question:

With Process Explorer I am looking at different tasks. "svchost.exe" (netsvcs), more exactly wuaueng.dll, is using 20/30% CPU, but I deactivated Windows Update for that reason. Is that normal? And you said something about a proxy?



#9 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany

Posted 10 January 2017 - 04:45 AM

Hello,
 

***


Copy FRST64.exe to your desktop!

Log on to all your user accounts now - without restarting!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST64 (usually your desktop) as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000] => localhost:8080
RemoveProxy:
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:8080
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995] => localhost:8080
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S1 ArcSec; system32\drivers\ArcSec.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]
Task: {509189F6-B2E9-43EE-86C9-1D8EC600A3B7} - System32\Tasks\{C6E95E08-707B-4D80-ABD9-096517FDB691} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsMain
Task: {DFBBEAD1-6F78-4416-8483-3ECA37F7295A} - System32\Tasks\{26EB9473-F777-4B3A-BC72-832E011566D9} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [130]
AlternateDataStreams: C:\ProgramData\Temp:93DE1838 [136]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner


--- ---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 Robertbert

Robertbert
  • Topic Starter

  • Members
  • 10 posts

Posted 10 January 2017 - 11:39 AM

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-01-2017
durchgeführt von Robert (10-01-2017 17:19:29) Run:1
Gestartet von C:\Users\Robert\Desktop
Geladene Profile: Robert &  (Verfügbare Profile: Robert)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {2f2039fb-bc9e-11df-b341-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {591d2be5-9bc1-11e3-b405-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {69d32e62-7229-11e3-9169-206a8a16d584} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {6fc8a047-4bf4-11e4-bd6d-206a8a16d584} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {88c6f99f-cfef-11e1-b16e-206a8a16d584} - E:\Autorun.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {e47b5390-cd5f-11e1-aef3-206a8a16d584} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {e869366c-e475-11df-b629-c44619a6d196} - E:\pushinst.exe
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\...\MountPoints2: {edbf1db2-b5e8-11e3-848d-206a8a16d584} - F:\HTC_Sync_Manager_PC.exe
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000] => localhost:8080
RemoveProxy:
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:8080
ProxyServer: [S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995] => localhost:8080
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
SearchScopes: HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE403
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S1 ArcSec; system32\drivers\ArcSec.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\c:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [X]
Task: {509189F6-B2E9-43EE-86C9-1D8EC600A3B7} - System32\Tasks\{C6E95E08-707B-4D80-ABD9-096517FDB691} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/en/abandoninstall?page=tsMain
Task: {DFBBEAD1-6F78-4416-8483-3ECA37F7295A} - System32\Tasks\{26EB9473-F777-4B3A-BC72-832E011566D9} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12002&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-notinstalled
AlternateDataStreams: C:\ProgramData\Temp:798A3728 [130]
AlternateDataStreams: C:\ProgramData\Temp:93DE1838 [136]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
EmptyTemp:
End
*****************

Fehler: (0) Erstellen eines Wiederherstellungspunktes gescheitert.
Prozess erfolgreich geschlossen.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f2039fb-bc9e-11df-b341-806e6f6e6963} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{2f2039fb-bc9e-11df-b341-806e6f6e6963} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{591d2be5-9bc1-11e3-b405-206a8a16d584} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{591d2be5-9bc1-11e3-b405-206a8a16d584} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69d32e62-7229-11e3-9169-206a8a16d584} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{69d32e62-7229-11e3-9169-206a8a16d584} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fc8a047-4bf4-11e4-bd6d-206a8a16d584} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{6fc8a047-4bf4-11e4-bd6d-206a8a16d584} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c6f99f-cfef-11e1-b16e-206a8a16d584} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{88c6f99f-cfef-11e1-b16e-206a8a16d584} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e47b5390-cd5f-11e1-aef3-206a8a16d584} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{e47b5390-cd5f-11e1-aef3-206a8a16d584} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e869366c-e475-11df-b629-c44619a6d196} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{e869366c-e475-11df-b629-c44619a6d196} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edbf1db2-b5e8-11e3-848d-206a8a16d584} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{edbf1db2-b5e8-11e3-848d-206a8a16d584} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKCR\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wert erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========

HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wert nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Wert nicht gefunden.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel nicht gefunden.
HKU\S-1-5-21-3354662138-887630912-1369600505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01102017020107995\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Schlüssel nicht gefunden.
HKLM\System\CurrentControlSet\Services\AntiVirWebService => konnte nicht entfernt werden Schlüssel. Zugriff verweigert.
HKLM\System\CurrentControlSet\Services\ArcSec => Schlüssel erfolgreich entfernt
ArcSec => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\EagleX64 => Schlüssel erfolgreich entfernt
EagleX64 => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\k57nd60a => Schlüssel erfolgreich entfernt
k57nd60a => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\{B154377D-700F-42cc-9474-23858FBDF4BD} => Schlüssel erfolgreich entfernt
{B154377D-700F-42cc-9474-23858FBDF4BD} => Dienst erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{509189F6-B2E9-43EE-86C9-1D8EC600A3B7} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509189F6-B2E9-43EE-86C9-1D8EC600A3B7} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{C6E95E08-707B-4D80-ABD9-096517FDB691} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6E95E08-707B-4D80-ABD9-096517FDB691} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFBBEAD1-6F78-4416-8483-3ECA37F7295A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFBBEAD1-6F78-4416-8483-3ECA37F7295A} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{26EB9473-F777-4B3A-BC72-832E011566D9} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{26EB9473-F777-4B3A-BC72-832E011566D9} => Schlüssel erfolgreich entfernt
C:\ProgramData\Temp => ":798A3728" ADS erfolgreich entfernt.
C:\ProgramData\Temp => ":93DE1838" ADS erfolgreich entfernt.
C:\ProgramData\Temp => ":AB689DEA" ADS erfolgreich entfernt.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26616122 B
Java, Flash, Steam htmlcache => 30627296 B
Windows/system/drivers => 477308618 B
Edge => 0 B
Chrome => 306315946 B
Firefox => 378735509 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42413337 B
systemprofile32 => 100347749 B
LocalService => 132244 B
NetworkService => 68530 B
Robert => 13699339 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporäre Dateien entfernt.

================================

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 10-01-2017 17:24:26)


Ergebnis der geplanten Schlüssel-Entfernung nach dem Neustart:

HKLM\System\CurrentControlSet\Services\AntiVirWebService => konnte nicht entfernt werden Schlüssel. Zugriff verweigert.

==== Ende von Fixlog 17:24:27 ====

 

 

Chrome Software cleaner found nothing.



#11 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany

Posted 10 January 2017 - 12:23 PM

Ok.

Try to activate System Restore, Windows Firewall and Windows Update now.
 

***


How is the computer running now?


***


Run Security Check again.
 

***

FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 Robertbert

Robertbert
  • Topic Starter

  • Members
  • 10 posts

Posted 10 January 2017 - 05:46 PM

I activated all of them. System is faster, but still laggy. Malwarebytes is telling me my c:\Windows\SysWOW64\rundll32.exe is trying to connect to strange websites.

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-01-2017
durchgeführt von Robert (10-01-2017 23:37:05)
Gestartet von C:\Users\Robert\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-10-31 16:51:29)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3354662138-887630912-1369600505-500 - Administrator - Disabled)
Gast (S-1-5-21-3354662138-887630912-1369600505-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3354662138-887630912-1369600505-1002 - Limited - Enabled)
Robert (S-1-5-21-3354662138-887630912-1369600505-1000 - Administrator - Enabled) => C:\Users\Robert

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1996373246.48.56.4008682 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Command & Conquer Alarmstufe Rot 2 (HKLM-x32\...\Red Alert 2) (Version:  - )
Command && Conquer Alarmstufe Rot 2 - Yuris Rache (HKLM-x32\...\Yuri's Revenge) (Version:  - )
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Die Schlacht um Mittelerde™ (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version:  - )
Die Völker (HKLM-x32\...\Die Völker) (Version:  - )
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM-x32\...\WOLAPI) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.0 - Tracker Software Products Ltd)
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stardew Valley (HKLM-x32\...\Steam App 413150) (Version:  - ConcernedApe)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {194A528E-A242-4DEA-8537-4D17D8F04159} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {1CC03C66-2C0B-46B4-8906-3391E2247ECB} - System32\Tasks\{F921BEC6-DAF6-480F-AB96-05F3B44F2371} => C:\Users\Robert\Desktop\Spiele\Valve\hl.exe [2003-12-12] (Valve)
Task: {21C42F06-CA9D-459C-8B55-7322E05EBC9A} - System32\Tasks\{7C9C83D8-3ABA-4A93-A0C1-2FF1E5E52977} => pcalua.exe -a D:\setup.exe -d D:\
Task: {2F989ED7-8540-4028-B4B0-8EC6A946FD88} - System32\Tasks\LXVSXTINV => Rundll32.exe "C:\Windows\SysWOW64\C_10001H.dll",NHHBGJGVP
Task: {303E9713-32E9-40F9-B5F8-272B6C7584A2} - System32\Tasks\{F40D67C0-4279-4581-AC18-45D09739FF01} => pcalua.exe -a C:\Users\Robert\Downloads\world_in_conflict_1.000_to_1.010_de.exe -d C:\Users\Robert\Downloads
Task: {416A2B7D-68EA-4B2F-AFF6-B9D6D704C303} - System32\Tasks\{FBE9B1BF-41F4-4D1C-80B2-1EB5C3470678} => pcalua.exe -a C:\Windows\IsUn0407.exe -c -f"C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files (x86)\Common Files\3DO Shared\3DOUnInst.dll
Task: {43B49424-4D12-425A-8802-55003B694FFF} - System32\Tasks\{1F3C7839-6246-488D-BC65-F1F5125CC0BA} => C:\Users\Robert\Desktop\Spiele\Valve\hl.exe [2003-12-12] (Valve)
Task: {461AA158-E276-47A7-8E50-D309E2CBD467} - System32\Tasks\{34CE1536-D409-4EA4-914A-23462EB258EA} => pcalua.exe -a C:\Users\Robert\Downloads\world_in_conflict_1.010_to_1.011_de.exe -d C:\Users\Robert\Downloads
Task: {4CDD5196-3B8D-4B6A-839D-C2FB51C24C27} - System32\Tasks\{4D81DD00-E1DC-4197-BE9F-8DB73650E717} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}\ICQ7.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {4EBF17D7-3CF8-4018-8315-36B4F648F80A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {557DA7E3-2DE6-4759-A746-8CF0769FAD99} - System32\Tasks\{759F6D96-0445-48FE-A305-B3CD554CA582} => pcalua.exe -a C:\Users\Robert\EAUninstall.exe
Task: {65346C20-1861-4CB9-B2CA-598DE585C380} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000UA => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {7AAD53C4-9065-4D34-B925-0052D4EA4EBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {8943442E-49E2-41E8-ADDC-D1F8F865AC7E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {8BF554A4-A9C3-4D43-887D-70F7B245815F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {8D138C3E-F7CC-4A5C-9716-68A25D165F18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-05] (Adobe Systems Incorporated)
Task: {979550E1-EA0A-46F8-898C-7D3D88C6BBAB} - System32\Tasks\{BB4C1846-BAD8-44CA-8D3A-F3AA691B4411} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {A2A8BFCC-D7EA-403E-8251-C4A2086973AC} - System32\Tasks\{AE1FE87C-44F4-42D4-9154-8F40FA65C567} => C:\Users\Robert\Desktop\Spiele\Valve\hl.exe [2003-12-12] (Valve)
Task: {BA2232D5-30F9-47B1-BA2C-71A116939012} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {DFFBCCD8-9ADC-4DC3-B5F9-21D05149A622} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000Core => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {ED1D1698-99D7-489D-8129-FEBB95F3A654} - System32\Tasks\{C0EAF9F2-A347-451A-A13C-BA48A0CF3E8D} => pcalua.exe -a D:\autorun.exe -d D:\

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000Core.job => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000UA.job => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\LXVSXTINV.job => rundll32.exe  C:\Windows\SysWOW64\C_10001H.dll

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-01-30 14:52 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-10-05 20:11 - 2013-04-05 15:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2017-01-08 20:07 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-08 20:07 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-08 20:07 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


Da befinden sich 7864 mehr Seiten.


Da befinden sich 7864 mehr Seiten.


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3354662138-887630912-1369600505-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: Onguv => C:\Users\Robert\AppData\Roaming\Sykeil\efup.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{0369B514-7B69-4C9B-87B2-303293472E92}] => C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{A5B332B7-F86E-4F5A-9CCA-235F7510F23E}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D71860BE-E3F8-441A-A7A8-C02552BBCE0D}] => svchost.exe
FirewallRules: [{6C901340-7345-4585-A75E-9FC15E8A16E5}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{402AA36D-8329-4675-A7D6-975B82DD4C67}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BCBCF46E-1DD7-418B-82BF-4AF384264981}] => C:\Program Files (x86)\Codemasters\F1 2010\F1_2010_game.exe
FirewallRules: [{2F3617CC-0851-4EEA-A68E-464D27FFFE84}] => C:\Program Files (x86)\Codemasters\F1 2010\F1_2010_game.exe
FirewallRules: [{9857643A-D112-471B-913B-BE4C3B0818A5}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic.exe
FirewallRules: [{BF75BBFD-533B-4E2C-9097-F7B0BB84072C}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic.exe
FirewallRules: [{60869DB3-7486-47B4-B9F8-6FC078B0AF0F}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe
FirewallRules: [{069A4BB0-3A61-4920-A7CE-F4072901B5C4}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_online.exe
FirewallRules: [{28450C56-D563-428B-AF3C-258F010C3D79}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe
FirewallRules: [{509082FC-6DB8-4AFF-9591-F8D63C3EC476}] => C:\Program Files (x86)\Sierra Entertainment\WORLD IN CONFLICT\wic_ds.exe
FirewallRules: [{B495D6EC-9DFE-498F-B9FD-E44FDFDCC2F1}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{AE9BF5A1-F0E3-4C48-AE0B-B4236768FB58}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{76AC0227-A81D-4F0D-93ED-297F774C2187}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{D833D6FF-DDFC-4C0C-8AF0-5A36030FEA96}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BC5B3CEC-0289-463C-9B8E-A89650FD39D7}C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe
FirewallRules: [UDP Query User{CDF600E5-9C53-4FE0-9443-72FC1F068037}C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\wc3 1.20e\warcraft iii\war3.exe
FirewallRules: [TCP Query User{266748DF-4478-4350-833A-FEC07B65D413}C:\westwood\c&c95\cncnet.exe] => C:\westwood\c&c95\cncnet.exe
FirewallRules: [UDP Query User{7AD0D820-AD6F-4040-97F6-201DD1D2F164}C:\westwood\c&c95\cncnet.exe] => C:\westwood\c&c95\cncnet.exe
FirewallRules: [TCP Query User{24C03EDE-C160-4688-A08E-131AF181A56B}C:\westwood\c&c95\c&c95.exe] => C:\westwood\c&c95\c&c95.exe
FirewallRules: [UDP Query User{5023F731-C46D-49BE-A8AC-86C18FC7B7E4}C:\westwood\c&c95\c&c95.exe] => C:\westwood\c&c95\c&c95.exe
FirewallRules: [{2CE17667-ED57-491D-9D39-FDABE0AFA5CA}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{D88862CA-E46B-4CCF-9921-F857E4C3F503}] => C:\Users\Robert\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{AAAF6617-2A42-4EC4-8FF5-AB563E092943}C:\program files (x86)\tmunitedforever\tmforever.exe] => C:\program files (x86)\tmunitedforever\tmforever.exe
FirewallRules: [UDP Query User{AA2C671B-AA46-4ABA-8A4D-0FDF93CAD061}C:\program files (x86)\tmunitedforever\tmforever.exe] => C:\program files (x86)\tmunitedforever\tmforever.exe
FirewallRules: [TCP Query User{9873169B-083E-4947-A5DB-AFCAFF89C73B}C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe] => C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe
FirewallRules: [UDP Query User{E07C41A6-9798-4F26-8B90-56E08520B35C}C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe] => C:\users\robert\desktop\spiele\anno 1602 königs-edition\1602.exe
FirewallRules: [TCP Query User{95014A7A-B46D-4B6D-8606-4CDDDF3E61BA}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{6AFA9354-ECE2-48A5-B078-DEBB58FBFEB3}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8E6AC588-449A-42F4-872C-2194298A3C76}C:\users\robert\desktop\spiele\valve\hl.exe] => C:\users\robert\desktop\spiele\valve\hl.exe
FirewallRules: [UDP Query User{C3929860-D16D-4426-A1F8-68A0C3F1A57F}C:\users\robert\desktop\spiele\valve\hl.exe] => C:\users\robert\desktop\spiele\valve\hl.exe
FirewallRules: [TCP Query User{1DBB9404-3AEC-4A6B-8632-B5C6E87678E2}F:\spiele\soldat\soldat.exe] => F:\spiele\soldat\soldat.exe
FirewallRules: [UDP Query User{BC5918B5-531D-40EB-A27E-BB198622884E}F:\spiele\soldat\soldat.exe] => F:\spiele\soldat\soldat.exe
FirewallRules: [TCP Query User{5393BD87-9935-42F1-ABEE-A9F678D98822}C:\users\robert\desktop\spiele\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\warcraft iii\war3.exe
FirewallRules: [UDP Query User{D5BBEB8E-94FC-454C-BC67-329E26191361}C:\users\robert\desktop\spiele\warcraft iii\war3.exe] => C:\users\robert\desktop\spiele\warcraft iii\war3.exe
FirewallRules: [TCP Query User{6E929088-6384-41B4-9B84-4389252E0DB6}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{7E76E2D3-706C-402B-91A6-B1C1FEDB6B80}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{7ABAA210-AC46-4062-B675-6913ABCC9E06}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{170C59E6-A3B0-4CBE-B27F-AA6926CAFE77}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{853D9254-AA5A-4140-94DD-59DFC9F9B5DD}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{2CB9B5D0-3372-4937-A7F5-2C755BCC6908}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{20997A20-955F-4B02-BACE-A3D3D34CA39B}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{E5119369-0B74-42A2-85B4-DC0DE526C15B}] => C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{4E6D848B-5172-4D3D-B452-A38C9373EF41}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2DE32AB6-C739-4970-9527-1429BB973E09}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{D9DBA767-6CD4-46D5-A6C9-443FCDFD5E7C}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{D85D71E4-8C31-4FF1-933F-290404E4873E}C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe] => C:\program files (x86)\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{8E50F9DA-8E63-4EF4-982F-F69ED3319C9B}] => LPort=2869
FirewallRules: [{5FAFDDF5-56CA-46D9-82C9-1BE58C2A3642}] => LPort=1900
FirewallRules: [{F2238305-6CB4-4992-8D6B-26717C0C9ABF}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F976FBFF-3052-428D-B79C-64E390182F96}] => C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{75042208-D466-4552-9CD5-BE09201E9184}C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe] => C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe
FirewallRules: [UDP Query User{C8C712AF-226E-4D58-BC1D-14922E7DCA30}C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe] => C:\users\robert\desktop\spiele\aoe2 addon\age2_x1.exe
FirewallRules: [{F556C798-AEEF-46EF-9285-B68BA00366A2}] => C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78D783B4-6DDE-44F0-85C2-20DE5295D196}] => C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{344EE8F7-B0FF-4672-A74D-3211E68BF448}C:\program files (x86)\steam\steam.exe] => C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{8FF4A34E-9A06-484A-A848-585503FAFBA0}C:\program files (x86)\steam\steam.exe] => C:\program files (x86)\steam\steam.exe
FirewallRules: [{545CE44B-E990-4FCB-8CAA-B0386F751137}] => C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{9728A747-6A59-47D1-A25D-60850F79C933}] => C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{9BFD6646-4F90-45FA-90CC-313313E6C14D}] => C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B6350B8E-56AC-4607-9813-72EC47D89914}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{A041F61B-B8FF-41B0-AFF3-414EEE9F11A5}] => C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{80747182-A972-436B-88C9-715DD35616CF}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{37003D26-B737-4C1F-B1FB-B54FE0E0EA90}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{21B035F5-28B8-408F-A965-E890EC626A09}] => C:\Program Files (x86)\EA GAMES\Die Schlacht um Mittelerde™\game.dat
FirewallRules: [{FCF40A3D-C487-4504-8EB5-4A988C068CC3}] => C:\Program Files (x86)\EA GAMES\Die Schlacht um Mittelerde™\game.dat
FirewallRules: [{BB739ABE-5D11-40E0-B102-2522BE86D73E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{653DAF3F-DE62-4833-A3CD-6D2D467565CB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E695658C-5A6D-4AAA-814D-200491C4B824}] => C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{6A77DD2D-F0C5-43CC-A55F-3C0455BA3160}] => C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{A4854C9D-C97D-49E3-8ED9-E6031D45AF18}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{497BB64E-3A52-4B7A-B1BE-CCB2ED175539}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{91BF4DB4-C725-485C-9178-F6AF51CC6A5D}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BDB23C12-CBEF-47EB-A4CA-D5D0891B5327}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{BEAF2D3B-4890-43E4-9CCD-42653773F17C}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F423CB39-17A1-4C79-82ED-E90BBA50763B}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FA921233-80B1-479C-9CE3-729B2BA00F20}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E80B26AC-ADAF-4AC2-8DBE-7E07CEE1876F}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{092C9983-FC57-4D86-8D00-56B62D643668}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{EB392683-C998-4187-B651-CBF1AF7842E2}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D14A2263-34CC-42CF-9D94-C8F8D87D1B20}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3368BED6-D62C-4591-9A1C-1DB57FC9A725}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{74B0A1F7-A056-4B0A-AC1A-1D80D18B58AE}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{9DF748DE-0E7F-4D21-AA41-9E50F42B6DD9}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{24B2DC67-38AE-449B-AC43-E3F8B33935A4}] => C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{CC734BB8-20B2-4DC1-8363-D9B3DB2D082F}] => C:\Program Files (x86)\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{84BDE66B-ABB1-463F-84FB-820E72ED572A}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1252E300-7D97-4786-8146-25BDAE0AC124}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{ECB815B0-0E7A-4C8C-8DD6-0346BEB48DE0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{36733DE0-6984-4960-969F-D6C9D2DF9797}] => LPort=30381

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (01/10/2017 05:32:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (01/10/2017 05:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LManager.exe, Version: 4.0.8.575, Zeitstempel: 0x4bbd5915
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x9bc
Startzeit der fehlerhaften Anwendung: 0x01d26b5e17f06e50
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Launch Manager\LManager.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 718bbe18-d751-11e6-bf1e-9466409afcbc

Error: (01/10/2017 05:22:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (01/10/2017 05:22:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/10/2017 05:22:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/10/2017 05:22:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/10/2017 05:22:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/10/2017 05:22:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/10/2017 05:22:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Uninstall key is not found for product {90140011-0066-0407-0000-0000000FF1CE}

Error: (01/10/2017 04:23:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.23418, Zeitstempel: 0x570898dc
Name des fehlerhaften Moduls: psdprotect.dll, Version: 3.1.206.0, Zeitstempel: 0x4b664312
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000012db
ID des fehlerhaften Prozesses: 0x13c8
Startzeit der fehlerhaften Anwendung: 0x01d26b55700ca89a
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
Berichtskennung: c447a3a6-d748-11e6-ba5a-8cc1ea36f4ba


Systemfehler:
=============
Error: (01/10/2017 11:40:42 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/10/2017 11:29:58 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/10/2017 11:19:46 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/10/2017 11:18:43 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (01/10/2017 05:26:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (01/10/2017 05:25:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (01/10/2017 05:25:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht.

Error: (01/10/2017 05:22:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (01/10/2017 05:20:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst konnte wegen einer fehlerhaften Anmeldung nicht gestartet werden.

Error: (01/10/2017 05:20:31 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
Die Anforderung wird nicht unterstützt.


Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 83%
Installierter physikalischer RAM: 3956.5 MB
Verfügbarer physikalischer RAM: 648.79 MB
Summe virtueller Speicher: 7911.18 MB
Verfügbarer virtueller Speicher: 2989.63 MB

==================== Laufwerke ================================

Drive c: (ACER) (Fixed) (Total:452.48 GB) (Free:67.03 GB) NTFS
Drive d: (YR1) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5E435E43)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
durchgeführt von Robert (Administrator) auf ROBERTLAPTOP (10-01-2017 23:29:37)
Gestartet von C:\Users\Robert\Desktop
Geladene Profile: Robert (Verfügbare Profile: Robert)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-23] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-11] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2017-01-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61640 2016-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4299E384-6288-4B2B-B6F3-5C3530462C9F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3354662138-887630912-1369600505-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010h906l04g8z175t47k1o180
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-23] (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\go50fqdt.default-1457918395726 [2017-01-10]
FF Extension: (Adblock Plus) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\go50fqdt.default-1457918395726\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-05]
FF Extension: (Click to call with Skype) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-10-29] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-05] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-06-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-05] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-06-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3354662138-887630912-1369600505-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-12-30] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default [2017-01-10]
CHR Extension: (Google Präsentationen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-10]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Google-Suche) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcnhmeicafddjdaeecddemnhnomiaai [2015-01-06]
CHR Extension: (Google Tabellen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-10]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-10]
CHR Extension: (Google Mail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-10]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2017-01-05] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [Datei ist nicht signiert]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-05] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2017-01-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2017-01-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-19] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-19] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-10] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-10] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-10] (Malwarebytes)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-10 17:19 - 2017-01-10 17:24 - 00022363 _____ C:\Users\Robert\Desktop\Fixlog.txt
2017-01-10 16:49 - 2017-01-10 16:52 - 00050009 _____ C:\Users\Robert\Desktop\Addition.txt
2017-01-10 16:48 - 2017-01-10 23:36 - 00018087 _____ C:\Users\Robert\Desktop\FRST.txt
2017-01-10 01:39 - 2017-01-10 01:39 - 00004336 _____ C:\Users\Robert\Desktop\JRT.txt
2017-01-10 01:24 - 2017-01-10 01:24 - 01663040 _____ (Malwarebytes) C:\Users\Robert\Downloads\JRT.exe
2017-01-09 22:35 - 2017-01-09 22:36 - 03988944 _____ C:\Users\Robert\Downloads\AdwCleaner.exe
2017-01-09 22:02 - 2017-01-09 22:02 - 00001091 _____ C:\Users\Robert\Desktop\checkup.txt
2017-01-09 21:10 - 2017-01-09 21:10 - 00852798 _____ C:\Users\Robert\Downloads\SecurityCheck.exe
2017-01-09 02:47 - 2017-01-10 02:17 - 00048512 _____ C:\Users\Robert\Downloads\Addition.txt
2017-01-09 02:45 - 2017-01-10 02:17 - 00034015 _____ C:\Users\Robert\Downloads\FRST.txt
2017-01-09 02:40 - 2017-01-10 23:29 - 00000000 ____D C:\FRST
2017-01-09 00:42 - 2017-01-09 00:42 - 02419200 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2017-01-08 22:22 - 2017-01-10 01:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-08 22:21 - 2017-01-10 01:22 - 00000000 ____D C:\Users\Robert\Desktop\mbar
2017-01-08 22:18 - 2017-01-08 22:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Robert\Downloads\mbar-1.09.3.1001.exe
2017-01-08 20:08 - 2017-01-08 20:08 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-08 20:07 - 2017-01-10 17:22 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 20:07 - 2017-01-10 17:22 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-08 20:07 - 2017-01-10 17:22 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-08 20:07 - 2017-01-10 17:22 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-08 20:07 - 2017-01-08 20:07 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-08 20:07 - 2017-01-08 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 20:07 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-08 20:06 - 2017-01-08 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 20:06 - 2017-01-08 20:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 19:31 - 2017-01-08 19:31 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 19:26 - 2017-01-08 19:26 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-01-08 19:25 - 2017-01-08 20:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-08 18:45 - 2016-11-18 07:18 - 01457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Robert\Downloads\procexp64.exe
2017-01-08 15:55 - 2017-01-08 16:03 - 00000000 ____D C:\Users\Robert\Caro Fotos
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Steam
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\Chromium
2017-01-06 19:21 - 2017-01-06 19:21 - 00000000 ____D C:\Users\Robert\AppData\Local\CEF
2017-01-05 20:55 - 2017-01-10 22:48 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2017-01-05 20:44 - 2017-01-05 20:44 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-01-05 20:36 - 2017-01-09 01:10 - 00000000 ____D C:\Users\Robert\AppData\Roaming\StardewValley
2017-01-05 20:21 - 2017-01-05 20:21 - 00000222 _____ C:\Users\Robert\Desktop\Stardew Valley.url
2017-01-05 20:19 - 2017-01-05 20:19 - 00001140 _____ C:\Users\Public\Desktop\Avira Connect.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-10 23:33 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-10 23:33 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-10 22:57 - 2015-01-13 18:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-10 22:46 - 2012-11-16 18:25 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000UA.job
2017-01-10 22:46 - 2012-11-16 18:25 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354662138-887630912-1369600505-1000Core.job
2017-01-10 17:34 - 2010-10-31 17:55 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
2017-01-10 17:21 - 2013-08-06 18:32 - 00000314 _____ C:\Windows\Tasks\LXVSXTINV.job
2017-01-10 17:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-09 23:48 - 2014-11-15 23:57 - 00000000 ____D C:\AdwCleaner
2017-01-09 23:36 - 2012-06-23 18:50 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2017-01-09 12:55 - 2010-09-10 16:37 - 00700134 _____ C:\Windows\system32\perfh007.dat
2017-01-09 12:55 - 2010-09-10 16:37 - 00149984 _____ C:\Windows\system32\perfc007.dat
2017-01-09 12:55 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-09 12:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-09 02:38 - 2013-03-17 18:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-08 20:05 - 2012-10-18 14:01 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-08 18:44 - 2012-09-17 19:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Downloaded Installations
2017-01-08 15:55 - 2010-10-31 17:51 - 00000000 ____D C:\Users\Robert
2017-01-06 18:27 - 2016-05-20 13:46 - 00000000 ____D C:\Users\Robert\AppData\Local\ElevatedDiagnostics
2017-01-06 18:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-06 18:20 - 2016-10-29 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-06 18:20 - 2014-11-18 21:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-05 21:57 - 2015-01-13 18:58 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-05 21:57 - 2015-01-13 18:58 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-05 21:57 - 2015-01-13 18:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-05 21:57 - 2012-06-18 02:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-05 21:57 - 2010-05-07 00:25 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-05 21:10 - 2014-11-18 21:57 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-05 21:10 - 2014-11-18 21:57 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-05 20:57 - 2014-06-18 15:03 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2017-01-05 20:54 - 2014-11-18 21:54 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-05 20:54 - 2014-11-18 21:54 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-05 20:36 - 2010-10-31 19:09 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-05 20:36 - 2010-10-31 19:09 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-05 20:33 - 2015-04-14 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-05 20:24 - 2016-10-22 07:11 - 00035864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-01-05 20:24 - 2013-08-16 20:29 - 00176464 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-01-05 20:24 - 2013-08-16 20:29 - 00148032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-01-05 20:19 - 2014-08-07 12:58 - 00000000 ____D C:\ProgramData\Package Cache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-02-09 13:11 - 2014-02-09 13:11 - 0003584 _____ () C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-09 19:18 - 2014-11-09 19:18 - 0007625 _____ () C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
2010-05-07 00:57 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-08-01 03:33

==================== Ende von FRST.txt ============================



#13 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 10 January 2017 - 06:06 PM

Hello,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


:step4: How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 Jo*

Jo*

  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:22 PM

Posted 14 January 2017 - 06:02 PM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.



#15 Robertbert

Robertbert
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:22 PM

Posted 15 January 2017 - 08:34 PM

Hey Jo, I'm sorry it took me this long.

 uSeRiNiT worked:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/16/2017 12:12:21 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

 * Sicherheitscenter (wscsvc) is not Running.
   Startup Type set to: Disabled

 * TBS [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 01/16/2017 12:18:17 AM
Execution time: 0 hours(s), 5 minute(s), and 56 seconds(s)

MBAM
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 08.01.17
Scan-Zeit: 20:09
Protokolldatei: Scan.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.5.1299
Komponentenversion: 1.0.43
Version des Aktualisierungspakets: 1.0.952
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: RobertLaptop\Robert

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 356700
Abgelaufene Zeit: 16 Min., 21 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.APNToolBar.Gen, HKCU\SOFTWARE\AskPartnerNetwork, Entfernung fehlgeschlagen, [10872], [186876],1.0.952

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.AnyProtect, C:\USERS\ROBERT\APPDATA\LOCAL\NSDFAC0.TMP, In Quarantäne, [11689], [299036],1.0.952

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Farbar Service Scanner Version: 27-01-2016
Ran by Robert (administrator) on 16-01-2017 at 00:58:22
Running from "C:\Users\Robert\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
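
A small triage parser for the Farbar Service Scanner log posted above, added here as an example; it is not part of the original posts and not code from the tool. The function name `triage_fss`, the trimmed sample excerpt and the placeholder status on its last File Check line are constructed for illustration.

```python
import re

# Constructed excerpt in the format of the FSS.txt log posted above. The last
# File Check line carries a made-up placeholder status, not real tool output.
SAMPLE_FSS = r'''
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\example.dll => CONSTRUCTED-PLACEHOLDER-STATUS
'''

START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
STOPPED_RE = re.compile(r"^(\S+) Service is not running\.")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*DWORD:(\d+)$', re.IGNORECASE)
FILE_RE = re.compile(r"^(\S.*?) => (.+)$")


def triage_fss(text):
    """Return the entries of an FSS log that deviate from the expected state."""
    findings = {"stopped": [], "start_type": [], "policy": [], "files": []}
    section, key = None, None
    lines = [raw.strip() for raw in text.splitlines()]
    for i, line in enumerate(lines):
        # A section title is a "Name:" line underlined with '=' characters.
        if line.endswith(":") and i + 1 < len(lines) and set(lines[i + 1]) == {"="}:
            section, key = line[:-1], None
            continue
        if m := STOPPED_RE.match(line):
            findings["stopped"].append(m.group(1))
        elif m := START_RE.match(line):
            service, current, default = m.groups()
            if current != default:  # only report non-default start types
                findings["start_type"].append((service, current, default))
        elif m := KEY_RE.match(line):
            key = m.group(1)  # registry key that the following values belong to
        elif (m := VALUE_RE.match(line)) and key:
            # Keep the value as text; the log does not say how it is encoded.
            findings["policy"].append((key, m.group(1), m.group(2)))
        elif section == "File Check" and (m := FILE_RE.match(line)):
            if m.group(2) != "File is digitally signed":
                findings["files"].append((m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for category, entries in triage_fss(SAMPLE_FSS).items():
        for entry in entries:
            print(category, entry)
```

The output lists deviations only; whether a disabled service is expected on a given machine, for instance because another antivirus product is installed, is left to the analyst.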





