
Pests of all kinds and how to combat them: Account debit and Artemis!DFFB5A796C32

22.08.2014, 11:44   #1
ludibubi
 



Good day!

A friend has asked me for help. She was on the Sparkasse website when a message appeared on the screen asking her to enter a PIN that had been sent by SMS, which she did. At first she did not notice anything unusual, but on the next account statement she found unknown debits. She has already contacted the Sparkasse and the police. I can no longer determine whether she fell for a phishing e-mail.

In any case, she gave me her computer (WIN 8) to look through. She ran scans herself, which found a threat: Artemis!DFFB5A79C32

I looked at the PC and became a little suspicious. When the computer starts, a window titled "FastScan 6.9.0" appears. According to the taskbar, it is the program Trojan Remover FastScan.
In addition, the program Reimage Protector is installed on the computer, which, according to my friend, displayed the warning message about Artemis. Fortunately, she took a picture:

Avira is also installed, but it cannot be started via its icon. When trying to start the program via the exe, this message appears: "Dieses Programm wurde vom Systemadministrator geblockt." ("This program has been blocked by the system administrator.")

I tried to run FRST, but it has been stuck for 2 hours at Google Chrome plugins. I have aborted the program for now and am asking for help. How should I proceed?
__________________
Greetings from the Bergisches Land
Ludger

Edited by ludibubi (22.08.2014 at 11:46). Reason: images were too large

22.08.2014, 11:49   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Delete FRST and download it again, then try once more.

23.08.2014, 11:48   #3
ludibubi
 



Hello schrauber!

Somehow this is strange: it does not work. I also tried the 32-bit version. That gives the message that it is the wrong version. So I downloaded the 64-bit version again. But the same effect. I have now let the program run all night. Every now and then the bar moves a bit further, and at the top it still says: "Scanning Chrome: Plugins".

Is there another way to proceed?

I have now uninstalled Chrome, and now FRST has run through.
Here are the listings:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:37 on 23/08/2014 (Angeliki)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
Ran by Angeliki (administrator) on HOME on 23-08-2014 12:37:35
Running from C:\Users\Angeliki\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Updater) C:\ProgramData\Updater\updater.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [481656 2013-11-20] (Updater)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [fst_de_138] => [X]
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1704720 2014-01-23] (Simply Super Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Cloud\updater.exe [19504200 2013-07-10] (Acer Incorporated)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [481656 2013-11-20] (Updater)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\RunOnce: [Uninstall C:\Users\Angeliki\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Angeliki\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs:  ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_17_ff&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyCtB0E0AyCyB0E0DtCtCtN0D0Tzu0SzzyEtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0AtC0CyCyBtAyDtG0CtB0E0AtGtDtByBtCtGzz0DyEtBtGtAtDyDzztDyBtBtAyD0DtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0ByBzzzz0CtA0BtGtC0FtD0AtGzzyEyDzztG0EtD0ByBtGyBzzyCzzyCtCzytDzzzy0Czy2Q&cr=936680400&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites03_14_17_ff&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyCtB0E0AyCyB0E0DtCtCtN0D0Tzu0SzzyEtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0AtC0CyCyBtAyDtG0CtB0E0AtGtDtByBtCtGzz0DyEtBtGtAtDyDzztDyBtBtAyD0DtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0ByBzzzz0CtA0BtGtC0FtD0AtGzzyEyDzztG0EtD0ByBtGyBzzyCzzyCtCzytDzzzy0Czy2Q&cr=936680400&ir=
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM - DefaultScope {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {4D4378B9-8AA0-410A-96F6-E854BFF743D5} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=722
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_17_ff&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyCtB0E0AyCyB0E0DtCtCtN0D0Tzu0SzzyEtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0AtC0CyCyBtAyDtG0CtB0E0AtGtDtByBtCtGzz0DyEtBtGtAtDyDzztDyBtBtAyD0DtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0ByBzzzz0CtA0BtGtC0FtD0AtGzzyEyDzztG0EtD0ByBtGyBzzyCzzyCtCzytDzzzy0Czy2Q&cr=936680400&ir=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F41C16E54362C091&affID=120524&tt=160913_m1&tsp=5012
SearchScopes: HKCU - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = 
SearchScopes: HKCU - {4D4378B9-8AA0-410A-96F6-E854BFF743D5} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=722
SearchScopes: HKCU - {4DE22610-511B-44C3-816D-804C03071D65} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949&CUI=UN19520202821625626
SearchScopes: HKCU - {722BBE45-F192-4E39-B1B1-661512EE24F5} URL = hxxp://www.search.ask.com/web?tpid=SGT-V7&o=APN11004&pf=V7&p2=%5EB3Q%5EYYYYYY%5EYY%5EDE&gct=&itbv=12.9.1.2923&apn_uid=58FC9899-1880-4CBC-9840-15587E9619FA&apn_ptnrs=%5EB3Q&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_dbr=cr_31.0.1650.63&doi=2013-12-19&trgb=CR&q={searchTerms}&psv=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_17_ff&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyCtB0E0AyCyB0E0DtCtCtN0D0Tzu0SzzyEtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StD0E0E0DyDyC0EyCtGtB0DyE0AtGyBtAyC0CtG0ByCtD0FtGyC0D0EtCtC0DtD0BtDzyzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0ByBzzzz0CtA0BtGtC0FtD0AtGzzyEyDzztG0EtD0ByBtGyBzzyCzzyCtCzytDzzzy0Czy2Q&cr=1206822535&ir=
BHO: ClickMovie1-Downloaderv10 -> {11111111-1111-1111-1111-110611331117} -> C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-bho64.dll ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ClickMovie1-Downloaderv10 -> {11111111-1111-1111-1111-110611331117} -> C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-bho.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Websteroids -> {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -> C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
BHO-x32: Value Apps plugin -> {F63AAEDC-3602-49EF-AA45-262380A98980} -> C:\Users\Angeliki\AppData\Roaming\ValueApps\IE\MonPrx.dll No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://rts.dsrlte.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF user.js: detected! => C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\user.js
FF SearchPlugin: C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\searchplugins\keepmysearch.xml
FF SearchPlugin: C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\searchplugins\Mysearchdial.xml
FF Extension: Avira Browser Safety - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\abs@avira.com [2014-07-15]
FF Extension: ClickMovie1-Downloaderv10 - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\LPESNIOB27154074@RO39491085.com [2014-08-19]
FF Extension: Websteroids - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\support@websteroidsapp.com [2014-01-06]
FF Extension: Boo.ly Shopping - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\getbooly@boo.ly.xpi [2014-06-23]
FF Extension: MySearchDial - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-03-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [chdboodilddefglllfoimeceomkpmkbi] - C:\Program Files (x86)\SaltarSmart\chdboodilddefglllfoimeceomkpmkbi.crx []
CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\Websteroids\Chrome\common.crx [2013-11-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2650696 2013-07-10] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-19] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-19] (globalUpdate) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-19] (Cherished Technololgy LIMITED) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-28] (Dritek System INC.)
R2 SrvUpdater; C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [32256 2013-02-18] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
S2 InternetUpdater; "\InternetUpdater\InternetUpdaterService.exe" [X]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-07-14] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-28] (Dritek System Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R1 {f5547162-5df2-4216-9d7d-87cc3068bb50}w64; C:\Windows\System32\drivers\{f5547162-5df2-4216-9d7d-87cc3068bb50}w64.sys [61120 2014-05-22] (StdLib)
S3 cpuz134; \??\C:\Users\Angeliki\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 12:37 - 2014-08-23 12:37 - 00023194 _____ () C:\Users\Angeliki\Desktop\FRST.txt
2014-08-23 12:37 - 2014-08-23 12:37 - 00000478 _____ () C:\Users\Angeliki\Desktop\defogger_disable.log
2014-08-22 18:26 - 2014-08-23 12:23 - 02102784 _____ (Farbar) C:\Users\Angeliki\Desktop\FRST64.exe
2014-08-22 10:00 - 2014-08-23 12:37 - 00000000 ____D () C:\FRST
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 _____ () C:\Users\Angeliki\defogger_reenable
2014-08-22 09:57 - 2014-08-23 12:36 - 00000000 ____D () C:\Users\Angeliki\Downloads\Trojaner-Board
2014-08-22 09:56 - 2014-08-22 09:56 - 00050477 _____ () C:\Users\Angeliki\Desktop\Defogger.exe
2014-08-20 09:37 - 2014-08-20 09:37 - 00000000 ____D () C:\Users\Angeliki\Documents\Simply Super Software
2014-08-19 20:08 - 2014-08-19 20:08 - 67128348 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.zip
2014-08-19 19:58 - 2014-08-19 19:59 - 67407296 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.mp4
2014-08-19 12:51 - 2014-08-19 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-19 12:51 - 2014-08-19 12:56 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 12:51 - 2014-08-19 12:51 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-19 12:13 - 2014-08-19 12:13 - 00000000 ____D () C:\Users\Angeliki\MediaEspresso
2014-08-19 12:11 - 2014-08-19 12:11 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-19 12:02 - 2014-08-19 12:07 - 00000000 ____D () C:\UBCD4Win
2014-08-19 11:37 - 2014-08-19 11:37 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-19 09:23 - 2014-08-19 09:23 - 00004024 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-08-19 09:22 - 2014-08-19 11:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-19 09:22 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-19 09:22 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-08-19 09:21 - 2014-08-23 12:20 - 00003838 _____ () C:\WINDOWS\Tasks\36ee57c3-8947-4007-a618-a70c2e71e4cc.job
2014-08-19 09:21 - 2014-08-23 12:20 - 00002630 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-4.job
2014-08-19 09:21 - 2014-08-23 12:20 - 00001888 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-1.job
2014-08-19 09:21 - 2014-08-23 12:20 - 00001744 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5_user.job
2014-08-19 09:21 - 2014-08-23 12:20 - 00001724 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5.job
2014-08-19 09:21 - 2014-08-23 12:20 - 00001454 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-2.job
2014-08-19 09:21 - 2014-08-19 09:21 - 00006848 _____ () C:\WINDOWS\System32\Tasks\36ee57c3-8947-4007-a618-a70c2e71e4cc
2014-08-19 09:21 - 2014-08-19 09:21 - 00005634 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-4
2014-08-19 09:21 - 2014-08-19 09:21 - 00004892 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-1
2014-08-19 09:21 - 2014-08-19 09:21 - 00004728 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5
2014-08-19 09:21 - 2014-08-19 09:21 - 00004458 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-2
2014-08-19 09:21 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files\005
2014-08-19 09:20 - 2014-08-23 12:20 - 00004520 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-11.job
2014-08-19 09:20 - 2014-08-23 12:20 - 00003158 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-3.job
2014-08-19 09:20 - 2014-08-23 12:20 - 00002296 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-7.job
2014-08-19 09:20 - 2014-08-23 12:20 - 00002244 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-6.job
2014-08-19 09:20 - 2014-08-23 12:20 - 00000902 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-19 09:20 - 2014-08-23 09:25 - 00000906 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-19 09:20 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files (x86)\ClickMovie1-Downloaderv10
2014-08-19 09:20 - 2014-08-19 09:20 - 00007524 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-11
2014-08-19 09:20 - 2014-08-19 09:20 - 00006162 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-3
2014-08-19 09:20 - 2014-08-19 09:20 - 00005300 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-7
2014-08-19 09:20 - 2014-08-19 09:20 - 00005248 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-6
2014-08-19 09:20 - 2014-08-19 09:20 - 00004272 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2014-08-19 09:20 - 2014-08-19 09:20 - 00003878 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-19 09:20 - 2014-08-19 09:20 - 00003642 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\globalUpdate
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-19 09:19 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-08-18 22:12 - 2014-08-18 22:12 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\Tuneup Pro
2014-08-18 21:59 - 2014-08-19 11:35 - 00000000 ____D () C:\Program Files\Reimage
2014-08-18 21:58 - 2014-08-19 09:20 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-08-18 12:42 - 2014-08-18 12:42 - 00000000 ____D () C:\Neuer Ordner
2014-08-16 21:36 - 2014-08-02 02:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-16 21:36 - 2014-08-02 02:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 11:07 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-14 11:07 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-14 11:07 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-14 11:07 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-14 11:07 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-14 11:07 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-14 11:07 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-14 11:07 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-14 11:07 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-14 11:07 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-14 11:07 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-14 11:07 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-14 11:07 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-14 11:07 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-14 11:07 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-14 11:07 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-14 11:07 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-14 11:07 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-14 11:07 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-14 11:07 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-14 11:07 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-14 11:07 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-14 11:07 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 11:07 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-14 11:07 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-14 11:07 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-14 11:07 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-14 11:07 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-14 11:07 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-14 11:07 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-14 11:06 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-14 11:06 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-14 11:06 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-14 11:06 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-14 11:06 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-14 11:06 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-14 11:06 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 11:06 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-14 11:06 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-14 11:06 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-14 11:06 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-14 11:06 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-14 11:06 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-14 11:06 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-14 11:05 - 2014-08-07 00:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-14 11:05 - 2014-08-02 07:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-14 11:05 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-14 11:05 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-14 11:05 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-14 11:05 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-14 11:05 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-14 11:05 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-14 11:05 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-14 11:05 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-14 11:05 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-14 11:05 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-14 11:05 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-14 11:05 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-14 11:05 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-14 11:05 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-14 11:05 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-14 11:05 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-14 11:05 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-14 11:05 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-14 11:05 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-14 11:05 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-14 11:05 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-14 11:05 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-14 11:05 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-14 11:05 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-14 11:05 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-14 11:05 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-14 11:05 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-14 11:05 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-14 11:05 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-14 11:05 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-14 11:05 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-14 11:05 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-14 11:05 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-14 11:05 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-14 11:05 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-14 11:05 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-14 11:05 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-14 11:05 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-14 11:05 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-14 11:05 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-14 11:05 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-14 11:05 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-14 11:05 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-14 11:05 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-14 11:04 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-14 11:04 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-14 11:04 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-14 11:04 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-14 11:04 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-14 11:04 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-14 11:04 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-14 11:04 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-14 11:04 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-14 11:04 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-14 11:04 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-14 11:04 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-14 11:04 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-14 11:04 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-14 11:04 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-14 11:04 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-14 11:04 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-14 11:04 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-14 11:04 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-14 11:04 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-14 11:04 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-14 11:04 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-14 11:04 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-14 11:04 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-14 11:04 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-14 11:04 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 11:04 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-14 11:04 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-11 19:31 - 2014-08-17 14:05 - 00000000 ____D () C:\Users\Angeliki\Desktop\INFINITI
2014-08-07 10:03 - 2014-08-23 12:21 - 00005132 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Angeliki Home
2014-08-03 21:11 - 2014-08-15 14:48 - 00000000 ____D () C:\ProgramData\AlxuwEtice
2014-07-29 21:18 - 2014-08-08 11:58 - 00000000 ____D () C:\Users\Angeliki\Desktop\Soccer
2014-07-29 11:06 - 2014-07-29 11:06 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000977 _____ () C:\Users\Public\Desktop\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\de.bmwi.businessplan
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Program Files (x86)\BMWi Businessplan
2014-07-29 11:04 - 2014-07-29 11:04 - 04713268 _____ () C:\Users\Angeliki\Desktop\businessplaner2014.zip
2014-07-24 21:21 - 2014-07-24 21:21 - 00001799 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\Program Files\iTunes
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\Program Files\iPod
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 12:37 - 2014-08-23 12:37 - 00023194 _____ () C:\Users\Angeliki\Desktop\FRST.txt
2014-08-23 12:37 - 2014-08-23 12:37 - 00000478 _____ () C:\Users\Angeliki\Desktop\defogger_disable.log
2014-08-23 12:37 - 2014-08-22 10:00 - 00000000 ____D () C:\FRST
2014-08-23 12:36 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Angeliki\Downloads\Trojaner-Board
2014-08-23 12:34 - 2013-02-23 17:40 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3567924045-1664620546-161872832-1002
2014-08-23 12:28 - 2014-04-21 23:07 - 00000314 _____ () C:\WINDOWS\Tasks\MySearchDial.job
2014-08-23 12:23 - 2014-08-22 18:26 - 02102784 _____ (Farbar) C:\Users\Angeliki\Desktop\FRST64.exe
2014-08-23 12:21 - 2014-08-07 10:03 - 00005132 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Angeliki Home
2014-08-23 12:21 - 2014-02-13 21:53 - 00000000 __RDO () C:\Users\Angeliki\SkyDrive
2014-08-23 12:20 - 2014-08-19 09:21 - 00003838 _____ () C:\WINDOWS\Tasks\36ee57c3-8947-4007-a618-a70c2e71e4cc.job
2014-08-23 12:20 - 2014-08-19 09:21 - 00002630 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-4.job
2014-08-23 12:20 - 2014-08-19 09:21 - 00001888 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-1.job
2014-08-23 12:20 - 2014-08-19 09:21 - 00001744 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5_user.job
2014-08-23 12:20 - 2014-08-19 09:21 - 00001724 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5.job
2014-08-23 12:20 - 2014-08-19 09:21 - 00001454 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-2.job
2014-08-23 12:20 - 2014-08-19 09:20 - 00004520 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-11.job
2014-08-23 12:20 - 2014-08-19 09:20 - 00003158 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-3.job
2014-08-23 12:20 - 2014-08-19 09:20 - 00002296 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-7.job
2014-08-23 12:20 - 2014-08-19 09:20 - 00002244 _____ () C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-6.job
2014-08-23 12:20 - 2014-08-19 09:20 - 00000902 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-23 12:20 - 2013-06-27 20:24 - 00000416 _____ () C:\WINDOWS\Tasks\Auto Lyrics Update.job
2014-08-23 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-23 11:41 - 2014-05-26 13:19 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-23 11:28 - 2013-02-28 21:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-23 10:54 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-23 10:53 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-23 10:52 - 2014-02-13 20:28 - 00000000 ____D () C:\Users\Angeliki
2014-08-23 09:32 - 2014-02-25 14:25 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{25E4BB69-23D5-4330-B396-FC50A5468D9E}
2014-08-23 09:25 - 2014-08-19 09:20 - 00000906 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-22 18:03 - 2014-02-13 20:22 - 01381796 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-22 11:25 - 2013-11-14 00:18 - 00171760 _____ () C:\WINDOWS\PFRO.log
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 _____ () C:\Users\Angeliki\defogger_reenable
2014-08-22 09:56 - 2014-08-22 09:56 - 00050477 _____ () C:\Users\Angeliki\Desktop\Defogger.exe
2014-08-22 09:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-21 14:51 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-21 14:51 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-21 14:51 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-21 14:48 - 2013-08-22 16:46 - 00334355 _____ () C:\WINDOWS\setupact.log
2014-08-20 10:53 - 2014-01-31 16:09 - 00000000 ____D () C:\Users\Angeliki\Desktop\Παζαρι
2014-08-20 09:37 - 2014-08-20 09:37 - 00000000 ____D () C:\Users\Angeliki\Documents\Simply Super Software
2014-08-19 20:08 - 2014-08-19 20:08 - 67128348 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.zip
2014-08-19 19:59 - 2014-08-19 19:58 - 67407296 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.mp4
2014-08-19 12:56 - 2014-08-19 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-19 12:56 - 2014-08-19 12:51 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 12:51 - 2014-08-19 12:51 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-19 12:13 - 2014-08-19 12:13 - 00000000 ____D () C:\Users\Angeliki\MediaEspresso
2014-08-19 12:11 - 2014-08-19 12:11 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-19 12:11 - 2014-01-28 15:35 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\CyberLink
2014-08-19 12:11 - 2012-08-28 03:00 - 00000000 ____D () C:\ProgramData\CyberLink
2014-08-19 12:10 - 2014-01-28 15:35 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Cyberlink
2014-08-19 12:07 - 2014-08-19 12:02 - 00000000 ____D () C:\UBCD4Win
2014-08-19 11:37 - 2014-08-19 11:37 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-19 11:36 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-08-19 11:35 - 2014-08-18 21:59 - 00000000 ____D () C:\Program Files\Reimage
2014-08-19 11:34 - 2014-07-15 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 11:34 - 2014-07-15 16:33 - 00000000 ____D () C:\ProgramData\Avira
2014-08-19 11:34 - 2014-07-15 16:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-19 11:34 - 2014-03-26 20:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 09:23 - 2014-08-19 09:23 - 00004024 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-08-19 09:23 - 2013-12-09 21:43 - 00000004 _____ () C:\END
2014-08-19 09:22 - 2014-08-19 09:22 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-19 09:22 - 2014-08-19 09:22 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-08-19 09:21 - 2014-08-19 09:21 - 00006848 _____ () C:\WINDOWS\System32\Tasks\36ee57c3-8947-4007-a618-a70c2e71e4cc
2014-08-19 09:21 - 2014-08-19 09:21 - 00005634 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-4
2014-08-19 09:21 - 2014-08-19 09:21 - 00004892 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-1
2014-08-19 09:21 - 2014-08-19 09:21 - 00004728 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5
2014-08-19 09:21 - 2014-08-19 09:21 - 00004458 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-2
2014-08-19 09:21 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files\005
2014-08-19 09:21 - 2014-08-19 09:20 - 00000000 ____D () C:\Program Files (x86)\ClickMovie1-Downloaderv10
2014-08-19 09:21 - 2014-08-19 09:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-08-19 09:20 - 2014-08-19 09:20 - 00007524 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-11
2014-08-19 09:20 - 2014-08-19 09:20 - 00006162 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-3
2014-08-19 09:20 - 2014-08-19 09:20 - 00005300 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-7
2014-08-19 09:20 - 2014-08-19 09:20 - 00005248 _____ () C:\WINDOWS\System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-6
2014-08-19 09:20 - 2014-08-19 09:20 - 00004272 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2014-08-19 09:20 - 2014-08-19 09:20 - 00003878 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-19 09:20 - 2014-08-19 09:20 - 00003642 _____ () C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\globalUpdate
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-19 09:20 - 2014-08-18 21:58 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-08-19 09:02 - 2013-02-23 17:32 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Packages
2014-08-18 22:12 - 2014-08-18 22:12 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\Tuneup Pro
2014-08-18 21:53 - 2013-09-10 09:56 - 00000000 ____D () C:\Users\Angeliki\Desktop\Bewerbungen
2014-08-18 18:37 - 2013-09-17 09:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-18 18:37 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-18 18:35 - 2013-02-28 21:04 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-18 12:42 - 2014-08-18 12:42 - 00000000 ____D () C:\Neuer Ordner
2014-08-17 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-17 14:05 - 2014-08-11 19:31 - 00000000 ____D () C:\Users\Angeliki\Desktop\INFINITI
2014-08-17 14:05 - 2014-04-25 21:24 - 00000000 ____D () C:\Users\Angeliki\Desktop\ΘΕΑΤΡΟ
2014-08-16 21:35 - 2013-08-22 16:44 - 05146136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-16 14:50 - 2014-07-15 17:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-15 14:48 - 2014-08-03 21:11 - 00000000 ____D () C:\ProgramData\AlxuwEtice
2014-08-14 11:03 - 2014-05-27 20:41 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-14 11:00 - 2014-07-15 15:15 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-14 10:59 - 2014-07-01 20:09 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 10:59 - 2014-07-01 20:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 10:59 - 2014-07-01 20:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 10:59 - 2014-05-27 20:41 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 10:59 - 2014-05-27 20:33 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 10:59 - 2014-05-27 12:09 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 10:59 - 2014-04-14 19:11 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 10:59 - 2014-04-14 19:11 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 10:59 - 2014-04-14 18:44 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 10:59 - 2014-04-14 18:42 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 10:59 - 2014-04-14 18:42 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 10:59 - 2014-04-14 18:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-08 11:58 - 2014-07-29 21:18 - 00000000 ____D () C:\Users\Angeliki\Desktop\Soccer
2014-08-07 09:48 - 2014-01-30 12:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-07 04:12 - 2014-08-14 11:04 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-14 11:04 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-07 00:38 - 2014-08-14 11:05 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-02 07:44 - 2014-08-14 11:05 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-02 05:56 - 2014-08-14 11:04 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 05:11 - 2014-08-14 11:04 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-02 02:17 - 2014-08-16 21:36 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-08-16 21:36 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 11:06 - 2014-07-29 11:06 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000977 _____ () C:\Users\Public\Desktop\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\de.bmwi.businessplan
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Program Files (x86)\BMWi Businessplan
2014-07-29 11:06 - 2014-03-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-29 11:04 - 2014-07-29 11:04 - 04713268 _____ () C:\Users\Angeliki\Desktop\businessplaner2014.zip
2014-07-25 16:52 - 2014-08-14 11:07 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 15:51 - 2014-08-14 11:07 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 15:28 - 2014-08-14 11:06 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-14 11:07 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-14 11:06 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 14:59 - 2014-08-14 11:07 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 14:40 - 2014-08-14 11:07 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-14 11:06 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 14:30 - 2014-08-14 11:06 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-14 11:07 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-14 11:06 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-14 11:07 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 14:17 - 2014-08-14 11:07 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 14:10 - 2014-08-14 11:07 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 14:08 - 2014-08-14 11:07 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-14 11:07 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-14 11:07 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-14 11:07 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-14 11:06 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 13:43 - 2014-08-14 11:06 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-14 11:06 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-14 11:07 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 13:34 - 2014-08-14 11:07 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-14 11:07 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-14 11:07 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-14 11:07 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 13:09 - 2014-08-14 11:06 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 13:07 - 2014-08-14 11:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 13:03 - 2014-08-14 11:07 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-14 11:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 12:26 - 2014-08-14 11:07 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-14 11:07 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-14 11:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-14 11:06 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-14 11:07 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-24 21:21 - 2014-07-24 21:21 - 00001799 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\Program Files\iTunes
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\Program Files\iPod
2014-07-24 21:21 - 2014-07-24 21:21 - 00000000 ____D () C:\Program Files (x86)\iTunes

Some content of TEMP:
====================
C:\Users\Angeliki\AppData\Local\Temp\nsk9840.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-23 11:05

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
Ran by Angeliki at 2014-08-23 12:37:57
Running from C:\Users\Angeliki\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.2.2722 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.2.2729 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Acer Incorporated)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.3004 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{D32367AC-8FCA-4DE8-A2C6-037AE14B4001}) (Version: 1.00.3012 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.3006.4 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.3006.6 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.3013 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
BMWi Businessplan (HKLM-x32\...\de.bmwi.businessplan) (Version: 1.4.0 - Bundesministerium für Wirtschaft und Energie)
BMWi Businessplan (x32 Version: 1.4.0 - Bundesministerium für Wirtschaft und Energie) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.4.001_WHQL (HKLM\...\Elantech) (Version: 11.6.4.001 - ELAN Microelectronic Corp.)
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.5.15 - Foto Online Service GmbH)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free RAR Extractor (HKLM-x32\...\{6CB794C8-218C-430E-BF70-8BFE235C7A43}) (Version: 1.2.0.0 - iWesoft)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Acer Incorporated)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mysearchdial (HKLM-x32\...\mysearchdial) (Version:  - Mysearchdial) <==== ATTENTION
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2009 - Acer)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Ihr Firmenname)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SoftwareUpdater (HKLM-x32\...\SoftwareUpdater) (Version:  - )
SopCast 3.2.9 (HKLM-x32\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Trojan Remover 6.9.0 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.0 - Simply Super Software)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - Creative Island Media, LLC) <==== ATTENTION
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Websteroids (HKLM-x32\...\Websteroids) (Version: 2.6.49 - Creative Island Media, LLC) <==== ATTENTION
WiseConvert (HKLM-x32\...\WiseConvert) (Version: 1.0 - WiseConvert)
YTD Video Downloader 4.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.1 - GreenTree Applications SRL)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά (HKLM-x32\...\{90150000-001F-0408-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 09:15:47 Windows Update
17-08-2014 12:41:08 Windows Update
19-08-2014 07:32:20 Reimage Express Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0A44C2EE-8E21-46D9-BE0F-006D6B773CEA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1425A404-03FD-40B8-A08F-FAD67BAF07C8} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-19] (globalUpdate)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {27F524C0-457E-4970-9BA8-6550F824823C} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {2A9D0E48-301F-4FFA-BD07-A24A2F97785E} - System32\Tasks\UpdaterEX => C:\Users\Angeliki\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30D751CE-86F1-4E34-AC8F-DA99B41906ED} - System32\Tasks\MySearchDial => C:\Users\Angeliki\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {35237995-955E-48A9-8D76-BB2A5841F4F4} - System32\Tasks\Yahoo! Search => C:\Users\Angeliki\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {359C21AA-CF82-46D7-9837-6DC8E0729FC5} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-2 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-2.exe [2014-08-19] ()
Task: {38F99AD0-63F8-4492-93B4-52987F561A98} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3C31DE45-21B7-41F5-BB6A-BC594D34F9BE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {484DFB55-2A8C-4BDD-BA5A-273D538F1128} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B603A22-266C-42E3-AA86-4FDFE575D1E3} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
Task: {4C30E3DB-0647-4A33-8BE2-03AF7C571355} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4FD2FB71-1889-4F79-A692-E4425C842A1D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {51F99B12-A01B-479E-8FA4-56DA7C6A67E1} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {551EFBDB-86DE-4A15-B79B-D80A724BAF2C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {5B5EC2E0-1C1A-4B4A-BEEF-64C0936023EC} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {5DCC699A-7335-4AF1-BE0D-B68B4703E039} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-7 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-7.exe [2014-08-19] ()
Task: {64B2730D-6215-4D25-BD85-DC8F3DAD06DE} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-6 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-6.exe [2014-08-19] ()
Task: {65A6E07D-9A5F-40DB-92E4-3DE917940727} - System32\Tasks\Auto Lyrics Update => C:\Program Files (x86)\AutoLyrics\AutoLyricsUpdater.exe <==== ATTENTION
Task: {68BA93EF-CA4F-448B-B0D2-3B81DA60C315} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DA3D5A4-C8AE-482A-91A0-4D7616E66848} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73A0AE8D-26E5-4EBC-A1FA-D8091F29BF4D} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73B53945-7A79-4455-A85A-BDCF0F46C522} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Angeliki Home => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {784931AC-DC18-448B-8D40-155C1EF08C3E} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-4 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-4.exe [2014-08-19] ()
Task: {785558BB-F3D0-42B3-96C3-7E62B363020B} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {7A48272A-F3B2-4135-B7EC-8E04F1463BDA} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5_user => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-5.exe [2014-08-19] ()
Task: {821555F7-61C5-4FF0-AF05-60F6F3780132} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-3 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-3.exe [2014-08-19] ()
Task: {8708F780-2572-419D-9A87-3669B9A526BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8EAC6258-6677-4859-9348-5433FA811AD6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9A73E40C-A280-4AB9-8A11-0658E801924D} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-1 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe [2014-08-19] ()
Task: {9EC5E189-582E-4F05-8949-435A96769CD1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {9F8A4BBA-C7D9-4B7A-886D-7271DD5B8641} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-07-13] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A13F3E32-760C-48AE-B0FC-164EC7ACDFB5} - System32\Tasks\36ee57c3-8947-4007-a618-a70c2e71e4cc => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-4.exe [2014-08-19] ()
Task: {A24640D7-2C00-4128-A492-61F8819F3C96} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {A72083A4-EC26-4FE0-B9FE-645E5102CD1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {AD86395F-A25E-45CF-A839-4CD65138ABF3} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-5.exe [2014-08-19] ()
Task: {B0CCC0F2-9175-4326-9407-6C202227E484} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-19] (globalUpdate)
Task: {B535EE04-8C3D-4E0F-8B8E-56A31DCD9579} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {BD45DA63-8FF8-47E7-9461-BD096C1F9B95} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-18] (Microsoft Corporation)
Task: {CC57DF7F-DEFC-44CA-BC40-1BD6818C992D} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-07-13] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB4CA3FF-18D0-4D3A-9F5E-AAFBEB09AEC8} - System32\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-11 => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-11.exe [2014-08-19] ()
Task: {DEC3FC2C-B999-4F60-B639-68B0651992F1} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-07-14] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\36ee57c3-8947-4007-a618-a70c2e71e4cc.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-4.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-1.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\ClickMovie1-Downloaderv10-codedownloader.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-11.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-11.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-2.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-2.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-3.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-3.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-4.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-4.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-5.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-5.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-6.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-6.exe™/agentregpath='ClickMovie1-Downloaderv10-nv' /appid=63317 /srcid='001820' /subid='0' /zdata='0' /bic=8CAB49A070FC467B96148AD1565F4428IE /verifier=b8730748b92b968bd197eb84feec4279 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408432821 /statsdomain=hxxp://stats.inputgenserv.com /errorsdomain=hxxp://errors.inputgenserv.com /codedownloaddomain=hxxp://cr.install-daddy.com /defbro=ie /DllName32ToInjectToChrome='e06a2f27-a36d-4fc5-a738-ed60db46d714.dll' /DllName64ToInjectToChrome='3de23504-e542-484a-a3ff-25724b0eda2d.dll' /nova64bitexe='9f3badf5-c230-49a2-9936-1c75535410c6-64.exe
Task: C:\WINDOWS\Tasks\9f3badf5-c230-49a2-9936-1c75535410c6-7.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6-7.exe³/updateapp /agentregpath='ClickMovie1-Downloaderv10-nv' /appid=63317 /srcid='001820' /subid='0' /zdata='0' /bic=8CAB49A070FC467B96148AD1565F4428IE /verifier=b8730748b92b968bd197eb84feec4279 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408432821 /statsdomain=hxxp://stats.inputgenserv.com /errorsdomain=hxxp://errors.inputgenserv.com /codedownloaddomain=hxxp://cr.install-daddy.com /defbro=ie /DllName32ToInjectToChrome='e06a2f27-a36d-4fc5-a738-ed60db46d714.dll' /DllName64ToInjectToChrome='3de23504-e542-484a-a3ff-25724b0eda2d.dll' /nova64bitexe='9f3badf5-c230-49a2-9936-1c75535410c6-64.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Auto Lyrics Update.job => C:\Program Files (x86)\AutoLyrics\AutoLyricsUpdater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\MySearchDial.job => C:\Users\Angeliki\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Angeliki\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-24 19:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-18 09:52 - 2013-02-18 09:52 - 00032256 _____ () C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
2014-07-28 18:17 - 2014-08-19 09:22 - 00098816 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2013-02-28 20:30 - 2013-01-22 22:41 - 00093768 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-08-07 09:50 - 2014-08-07 09:50 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-28 18:17 - 2014-08-19 09:22 - 00724480 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-31 17:45 - 2012-07-31 17:45 - 00384128 _____ () c:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-07-31 17:40 - 2012-07-31 17:40 - 00020992 _____ () c:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-07-13 01:01 - 2012-07-13 01:01 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-07-13 01:01 - 2012-07-13 01:01 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-28 02:26 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-28 18:17 - 2014-08-19 09:22 - 00086016 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2012-07-31 01:04 - 2012-07-31 01:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2014-06-23 10:42 - 2014-06-23 10:42 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AD022376
AlternateDataStreams: C:\Users\Angeliki\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 11:10:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/23/2014 11:10:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/23/2014 11:10:28 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error: (08/23/2014 10:52:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 21.8.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1230

Startzeit: 01cfbe25e477e2fc

Endzeit: 547

Anwendungspfad: C:\Users\Angeliki\Desktop\FRST64.exe

Berichts-ID: ba42159c-2aa2-11e4-befd-74e54362ea67

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/23/2014 08:31:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38277594

Error: (08/23/2014 08:31:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38277594

Error: (08/23/2014 08:31:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2014 09:54:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14563

Error: (08/22/2014 09:54:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14563

Error: (08/22/2014 09:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/23/2014 10:57:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/23/2014 10:57:03 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1326

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/23/2014 10:54:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/23/2014 10:54:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Internet Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/23/2014 10:53:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.

Error: (08/23/2014 10:53:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst CCDMonitorService erreicht.

Error: (08/23/2014 10:52:35 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/23/2014 10:52:35 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/23/2014 10:52:35 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (08/23/2014 10:52:35 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


Microsoft Office Sessions:
=========================
Error: (08/23/2014 11:10:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (08/23/2014 11:10:29 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (08/23/2014 11:10:28 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (08/23/2014 10:52:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe21.8.2014.0123001cfbe25e477e2fc547C:\Users\Angeliki\Desktop\FRST64.exeba42159c-2aa2-11e4-befd-74e54362ea67

Error: (08/23/2014 08:31:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38277594

Error: (08/23/2014 08:31:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38277594

Error: (08/23/2014 08:31:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/22/2014 09:54:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14563

Error: (08/22/2014 09:54:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14563

Error: (08/22/2014 09:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 3914.27 MB
Available physical RAM: 2551.85 MB
Total Pagefile: 5130.27 MB
Available Pagefile: 3429.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:445.11 GB) (Free:367.36 GB) NTFS
Drive d: (Meine Dateien) (CDROM) (Total:1.25 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 767B3A65)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
However, I cannot post a Gmer log, because an error message appears when the program starts:
"C:\WINDOWS\system32\config\System: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird."

24.08.2014, 06:39   #4
schrauber
/// the machine
/// TB trainer



Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller pane, look for the programs that, under:

    carry this label:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on , then on , and then on .




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

24.08.2014, 09:53   #5
ludibubi



Revo reports an error for mysearchdial, for example: Uninstall failed! Probably an invalid uninstall command. I then clicked on and selected all of the registry entries. However, the program is not removed.

Addendum: I have restarted the computer. The message about the invalid uninstall command still appears, but the program can now be removed via the registry entries. Incidentally, the message about the missing uninstall command appears for all entries.

__________________
Greetings from the Bergisches Land
Ludger

Last edited by ludibubi (24.08.2014 at 09:58). Reason: addition

24.08.2014, 10:27   #6
schrauber
/// the machine
/// TB trainer



That happens when the bundled uninstaller fails. That's what Revo is for: keep clicking through, clean the registry, have the folders deleted if present, then the 3 tools.

24.08.2014, 11:53   #7
ludibubi



Here are the logs:

Malwarebyte
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 24.08.2014 11:07:31, SYSTEM, HOME, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, 
Update, 24.08.2014 11:07:57, SYSTEM, HOME, Manual, Malware Database, 2014.3.4.9, 2014.8.24.2, 

(end)
         
The log looks odd to me. MWB found a lot of entries and moved them to quarantine. Under the given path History/Application Logs, however, only what I posted above is shown.

ADW-Cleaner
Code:
# AdwCleaner v3.308 - Bericht erstellt am 24/08/2014 um 11:48:08
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Angeliki - HOME
# Gestartet von : C:\Users\Angeliki\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : InternetUpdater
Dienst Gelöscht : SrvUpdater
Dienst Gelöscht : {f5547162-5df2-4216-9d7d-87cc3068bb50}w64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\RHelpers
Ordner Gelöscht : C:\ProgramData\Updater
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wiseconvert
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Desk 365
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\WinZip Registry Optimizer
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\wiseconvert
Ordner Gelöscht : C:\Program Files (x86)\ClickMovie1-Downloaderv10
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\WINDOWS\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Users\Angeliki\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Angeliki\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Angeliki\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Angeliki\AppData\Local\Pay-By-Ads
Ordner Gelöscht : C:\Users\Angeliki\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Angeliki\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Angeliki\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Angeliki\AppData\LocalLow\ClickMovie1-Downloaderv10
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\Desk 365
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\Tuneup Pro
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\ValueApps
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Angeliki\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Angeliki\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Angeliki\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Angeliki\AppData\Local\Software
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\support@websteroidsapp.com
Ordner Gelöscht : C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\LPESNIOB27154074@RO39491085.com
Datei Gelöscht : C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\WINDOWS\System32\drivers\{f5547162-5df2-4216-9d7d-87cc3068bb50}w64.sys
Datei Gelöscht : C:\Users\Angeliki\daemonprocess.txt
Datei Gelöscht : C:\Users\Angeliki\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\user.js

***** [ Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : Auto Lyrics Update
Task Gelöscht : Desk 365 RunAsStdUser
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
Task Gelöscht : LaunchSignup
Task Gelöscht : MySearchDial
Task Gelöscht : UpdaterEX
Task Gelöscht : 36ee57c3-8947-4007-a618-a70c2e71e4cc
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-1
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-11
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-2
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-3
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-4
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-5
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-5_user
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-6
Task Gelöscht : 9f3badf5-c230-49a2-9936-1c75535410c6-7

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\chdboodilddefglllfoimeceomkpmkbi
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\d2df8ae168ed40
Schlüssel Gelöscht : HKLM\SOFTWARE\d2df8ae168ed40
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0063317.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0063317.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0063317.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0063317.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331117}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335517}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336617}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644334417}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331117}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611331117}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611331117}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331117}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335517}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336617}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331117}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\VuuPC
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AutoLyrics
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ClickMovie1-Downloaderv10
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\FreeSoftToday
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\SoftwareUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tuneup Pro
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\Vittalia
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\ClickMovie1-Downloaderv10
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "dsites03_14_17_ff");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyByE0EyDyEtAyCtB0E0AyCyB0E0DtCtCtN0D0Tzu0SzzyEtBtN1L2XzutBtFtCzztFtBtFyBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0AtC0CyCyBtAyDtG0CtB0E0At[...]
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "936680400");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "140305_a");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [22869 octets] - [24/08/2014 11:39:50]
AdwCleaner[S0].txt - [20383 octets] - [24/08/2014 11:48:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20444 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Angeliki on 24.08.2014 at 12:00:38,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3567924045-1664620546-161872832-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4DE22610-511B-44C3-816D-804C03071D65}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{722BBE45-F192-4E39-B1B1-661512EE24F5}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.08.2014 at 12:04:03,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
One remark on this: the antivirus software is supposed to be disabled, after all. The Reimage Protector program that was installed on the machine no longer exists, and Avira Desktop cannot be opened. Avira cannot be uninstalled either; I get a message saying that I do not have sufficient rights (even though I am logged in as administrator).
__________________
Greetings from the Bergisches Land
Ludger

Alt 24.08.2014, 12:40   #8
schrauber
/// the machine
/// TB instructor
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 24.08.2014, 21:05   #9
ludibubi
 



Sorry, it got a bit late. Here are the requested logs:

Fixlog

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 01
Ran by Angeliki at 2014-08-24 14:10:25 Run:1
Running from C:\Users\Angeliki\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2fa2a0f4fa444e43b68b506591eeab38
# engine=19814
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-24 01:27:05
# local_time=2014-08-24 03:27:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 17033 4587624 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3448375 13270346 0 0
# scanned=61085
# found=25
# cleaned=0
# scan_time=3633
sh=129DE3ABE0F872FF113072DAD3DB248579E2C01C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\76f78963-f7dc-48ab-9750-9bd8fa613184.crx.vir"
sh=C9A1271E06EB44C1F00FCD2EA6A80E4731BAE2CA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6.crx.vir"
sh=1A73ED945F2A6F839CFFB694A991CEEA092F9228 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6.xpi.vir"
sh=C9A1271E06EB44C1F00FCD2EA6A80E4731BAE2CA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\e06a2f27-a36d-4fc5-a738-ed60db46d714.crx.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=6D337B7209C2E4837F4075D44D5928D0F4BC54E6 ft=1 fh=c71c0011cc6930ff vn="Win32/Vittalia.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\KeyGen.dll.vir"
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=9E99BBE4E9F6026A66DB442D589FF049D44E43E9 ft=1 fh=c71c001149569c6f vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=B1740CE6528491D6914E0015C836A3A8E31A28E9 ft=1 fh=667e6cf17acea18e vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=03DBFA1572019E6B0A7745CA443E74CCA8FEEFFD ft=1 fh=c71c0011e74d8dee vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=E3C659B9CAA4B5CFF2906CA02EB3F178906A2416 ft=1 fh=c71c00117f5fd915 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=FE395FACFD20A4FA66F916BEFDFC54F73CEF5AB4 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.26.zip.vir"
sh=BB900DA01730BE487E51DEE4FF3D9B63DC326556 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=77CF5CD5F0563B3142C47FB0E9B72FD03180A9DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js.vir"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Roaming\OpenCandy\AD4D57BBFB2544008E2C906B64FE4580\conduitinstaller.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2fa2a0f4fa444e43b68b506591eeab38
# engine=19814
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-24 03:43:05
# local_time=2014-08-24 05:43:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 25193 4595784 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3456535 13278506 0 0
# scanned=177935
# found=43
# cleaned=0
# scan_time=7566
sh=DEED1C44272A545E0344924ED231EDAA77BF3EC0 ft=1 fh=1aeae5f20a15ffae vn="Variante von Win32/ExFriendAlert.B evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3567924045-1664620546-161872832-1002\$RCOXEOH\IE\common.dll"
sh=3E370E371FABAABF8A6B74826EB8EAAFBC696E50 ft=1 fh=dfbc752766eb1ac2 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=129DE3ABE0F872FF113072DAD3DB248579E2C01C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\76f78963-f7dc-48ab-9750-9bd8fa613184.crx.vir"
sh=C9A1271E06EB44C1F00FCD2EA6A80E4731BAE2CA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6.crx.vir"
sh=1A73ED945F2A6F839CFFB694A991CEEA092F9228 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\9f3badf5-c230-49a2-9936-1c75535410c6.xpi.vir"
sh=C9A1271E06EB44C1F00FCD2EA6A80E4731BAE2CA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClickMovie1-Downloaderv10\e06a2f27-a36d-4fc5-a738-ed60db46d714.crx.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=6EDEB37C1A25EFEB40AF3A8E9C36B903F0C06BEC ft=1 fh=a74444f61e0162b4 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=0B7A9148B50C95FEA9571E5BC99CE7F5FA73DBAC ft=1 fh=77d317daa664ba42 vn="Variante von MSIL/Vittalia.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.vir"
sh=6D337B7209C2E4837F4075D44D5928D0F4BC54E6 ft=1 fh=c71c0011cc6930ff vn="Win32/Vittalia.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\KeyGen.dll.vir"
sh=560C65A41BA761A13E1F408F4003A8DC27EA6343 ft=1 fh=5a7a9914b1aa1d46 vn="Variante von MSIL/Vittalia.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SoftwareUpdater\UpdaterService.exe.vir"
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
sh=9E99BBE4E9F6026A66DB442D589FF049D44E43E9 ft=1 fh=c71c001149569c6f vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=B1740CE6528491D6914E0015C836A3A8E31A28E9 ft=1 fh=667e6cf17acea18e vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=03DBFA1572019E6B0A7745CA443E74CCA8FEEFFD ft=1 fh=c71c0011e74d8dee vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=E3C659B9CAA4B5CFF2906CA02EB3F178906A2416 ft=1 fh=c71c00117f5fd915 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=FE395FACFD20A4FA66F916BEFDFC54F73CEF5AB4 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.26.zip.vir"
sh=E82E13F7D26D4C250008098680272781E167EB4E ft=1 fh=119edbfb62eeea2f vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=1D4B59F434D5A712CF21CFE8209ECB6A63D3F004 ft=1 fh=c71c0011b5c71b16 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=BB900DA01730BE487E51DEE4FF3D9B63DC326556 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=6EDEB37C1A25EFEB40AF3A8E9C36B903F0C06BEC ft=1 fh=a74444f61e0162b4 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=77CF5CD5F0563B3142C47FB0E9B72FD03180A9DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\LPESNIOB27154074@RO39491085.com\extensionData\plugins\91.js.vir"
sh=CF6185A9EDFBA0217C9D36D25CA9F6ADCC9F6BC8 ft=1 fh=f90d49fcbe154eac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Roaming\OpenCandy\AD4D57BBFB2544008E2C906B64FE4580\conduitinstaller.exe.vir"
sh=DFECF2EF095EBFBC521FB88A25F9B3BB3ECF38E7 ft=1 fh=cdac443fed42defe vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angeliki\AppData\Roaming\ValueApps\IE\Valueapps_new.exe.vir"
sh=7F8E18A2E0BA11295D0CDAA81104E4896B84AC2F ft=1 fh=473853ca0f47624e vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ReimageExpress.com\ExpressSetup.exe"
sh=A43599F45FCE8AFF15384876720ACC2E1F5A9EF7 ft=1 fh=ff7ad1e290fdf332 vn="Variante von Win32/Kryptik.CILO Trojaner" ac=I fn="C:\ProgramData\AlxuwEtice\AlxuwEtice.dat"
sh=A43599F45FCE8AFF15384876720ACC2E1F5A9EF7 ft=1 fh=ff7ad1e290fdf332 vn="Variante von Win32/Kryptik.CILO Trojaner" ac=I fn="C:\Users\All Users\AlxuwEtice\AlxuwEtice.dat"
sh=1E35D63EBF3D1214A53E718DCAE84EC2A63AFB39 ft=1 fh=abbd31e3c3dab272 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Angeliki\AppData\Local\nsaD9D9.tmp"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Angeliki\Desktop\PDFCreator-1_6_2_setup.exe"
sh=567F7670AC05037B3D666088C2B25036098F2AA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=5A66C171963EC6CD5840A912571F2E0FEB40D43E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[2].7z"
sh=567F7670AC05037B3D666088C2B25036098F2AA7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[1].7z"
sh=5A66C171963EC6CD5840A912571F2E0FEB40D43E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.F potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\AskToolbarInstaller-AVIRA-V7[2].7z"
         
Security Check

Code:
 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	14.0.0.145  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01
Ran by Angeliki (administrator) on HOME on 24-08-2014 21:59:36
Running from C:\Users\Angeliki\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [fst_de_138] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Cloud\updater.exe [19504200 2013-07-10] (Acer Incorporated)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\RunOnce: [Uninstall C:\Users\Angeliki\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Angeliki\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs:  ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {4D4378B9-8AA0-410A-96F6-E854BFF743D5} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=722
SearchScopes: HKCU - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = 
SearchScopes: HKCU - {4D4378B9-8AA0-410A-96F6-E854BFF743D5} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=722
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://rts.dsrlte.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\searchplugins\keepmysearch.xml
FF Extension: Avira Browser Safety - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\abs@avira.com [2014-07-15]
FF Extension: Boo.ly Shopping - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\getbooly@boo.ly.xpi [2014-06-23]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-03-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2650696 2013-07-10] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-28] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-07-14] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-28] (Dritek System Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Angeliki\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 21:59 - 2014-08-24 21:59 - 00015941 _____ () C:\Users\Angeliki\Desktop\FRST.txt
2014-08-24 21:59 - 2014-08-24 21:59 - 00000631 _____ () C:\Users\Angeliki\Desktop\checkup.txt
2014-08-24 21:58 - 2014-08-24 21:58 - 00854417 _____ () C:\Users\Angeliki\Desktop\SecurityCheck.exe
2014-08-24 14:11 - 2014-08-24 14:12 - 02347384 _____ (ESET) C:\Users\Angeliki\Downloads\esetsmartinstaller_deu.exe
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Users\Angeliki\Desktop\FRST-OlderVersion
2014-08-24 12:04 - 2014-08-24 12:04 - 00001397 _____ () C:\Users\Angeliki\Desktop\JRT.txt
2014-08-24 12:00 - 2014-08-24 12:00 - 01016261 _____ (Thisisu) C:\Users\Angeliki\Desktop\JRT.exe
2014-08-24 12:00 - 2014-08-24 12:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-24 11:55 - 2014-08-24 11:55 - 00020585 _____ () C:\Users\Angeliki\Desktop\AdwCleaner[S0].txt
2014-08-24 11:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-24 11:39 - 2014-08-24 11:49 - 00000000 ____D () C:\AdwCleaner
2014-08-24 11:38 - 2014-08-24 11:38 - 01364531 _____ () C:\Users\Angeliki\Desktop\adwcleaner_3.308.exe
2014-08-24 11:38 - 2014-08-24 11:38 - 00000253 _____ () C:\Users\Angeliki\Desktop\mwbam.txt
2014-08-24 11:07 - 2014-08-24 12:46 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 11:07 - 2014-08-24 11:07 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-24 11:07 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-24 11:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-24 11:05 - 2014-08-24 11:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angeliki\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-24 10:42 - 2014-08-24 10:42 - 00001284 _____ () C:\Users\Angeliki\Desktop\Revo Uninstaller.lnk
2014-08-24 10:42 - 2014-08-24 10:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-24 10:41 - 2014-08-24 10:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angeliki\Desktop\revosetup95.exe
2014-08-23 12:39 - 2014-08-23 12:39 - 00380416 _____ () C:\Users\Angeliki\Desktop\Gmer-19357.exe
2014-08-23 12:37 - 2014-08-23 12:37 - 00000478 _____ () C:\Users\Angeliki\Desktop\defogger_disable.log
2014-08-22 18:26 - 2014-08-24 12:31 - 02103296 _____ (Farbar) C:\Users\Angeliki\Desktop\FRST64.exe
2014-08-22 10:00 - 2014-08-24 21:59 - 00000000 ____D () C:\FRST
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 _____ () C:\Users\Angeliki\defogger_reenable
2014-08-22 09:57 - 2014-08-23 12:36 - 00000000 ____D () C:\Users\Angeliki\Downloads\Trojaner-Board
2014-08-22 09:56 - 2014-08-22 09:56 - 00050477 _____ () C:\Users\Angeliki\Desktop\Defogger.exe
2014-08-19 20:08 - 2014-08-19 20:08 - 67128348 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.zip
2014-08-19 19:58 - 2014-08-19 19:59 - 67407296 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.mp4
2014-08-19 12:13 - 2014-08-19 12:13 - 00000000 ____D () C:\Users\Angeliki\MediaEspresso
2014-08-19 12:11 - 2014-08-19 12:11 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-19 12:02 - 2014-08-19 12:07 - 00000000 ____D () C:\UBCD4Win
2014-08-19 09:21 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files\005
2014-08-19 09:20 - 2014-08-19 09:20 - 00004272 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-19 09:19 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-08-18 21:58 - 2014-08-19 09:20 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-08-18 12:42 - 2014-08-18 12:42 - 00000000 ____D () C:\Neuer Ordner
2014-08-16 21:36 - 2014-08-02 02:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-16 21:36 - 2014-08-02 02:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 11:07 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-14 11:07 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-14 11:07 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-14 11:07 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-14 11:07 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-14 11:07 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-14 11:07 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-14 11:07 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-14 11:07 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-14 11:07 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-14 11:07 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-14 11:07 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-14 11:07 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-14 11:07 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-14 11:07 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-14 11:07 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-14 11:07 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-14 11:07 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-14 11:07 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-14 11:07 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-14 11:07 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-14 11:07 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-14 11:07 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 11:07 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-14 11:07 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-14 11:07 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-14 11:07 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-14 11:07 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-14 11:07 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-14 11:07 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-14 11:06 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-14 11:06 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-14 11:06 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-14 11:06 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-14 11:06 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-14 11:06 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-14 11:06 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 11:06 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-14 11:06 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-14 11:06 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-14 11:06 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-14 11:06 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-14 11:06 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-14 11:06 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-14 11:05 - 2014-08-07 00:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-14 11:05 - 2014-08-02 07:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-14 11:05 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-14 11:05 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-14 11:05 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-14 11:05 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-14 11:05 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-14 11:05 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-14 11:05 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-14 11:05 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-14 11:05 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-14 11:05 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-14 11:05 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-14 11:05 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-14 11:05 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-14 11:05 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-14 11:05 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-14 11:05 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-14 11:05 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-14 11:05 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-14 11:05 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-14 11:05 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-14 11:05 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-14 11:05 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-14 11:05 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-14 11:05 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-14 11:05 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-14 11:05 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-14 11:05 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-14 11:05 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-14 11:05 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-14 11:05 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-14 11:05 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-14 11:05 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-14 11:05 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-14 11:05 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-14 11:05 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-14 11:05 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-14 11:05 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-14 11:05 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-14 11:05 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-14 11:05 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-14 11:05 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-14 11:05 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-14 11:05 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-14 11:05 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-14 11:04 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-14 11:04 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-14 11:04 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-14 11:04 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-14 11:04 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-14 11:04 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-14 11:04 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-14 11:04 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-14 11:04 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-14 11:04 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-14 11:04 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-14 11:04 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-14 11:04 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-14 11:04 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-14 11:04 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-14 11:04 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-14 11:04 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-14 11:04 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-14 11:04 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-14 11:04 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-14 11:04 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-14 11:04 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-14 11:04 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-14 11:04 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-14 11:04 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-14 11:04 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 11:04 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-14 11:04 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-11 19:31 - 2014-08-17 14:05 - 00000000 ____D () C:\Users\Angeliki\Desktop\INFINITI
2014-08-07 10:03 - 2014-08-24 16:25 - 00005132 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Angeliki Home
2014-08-03 21:11 - 2014-08-15 14:48 - 00000000 ____D () C:\ProgramData\AlxuwEtice
2014-07-29 21:18 - 2014-08-08 11:58 - 00000000 ____D () C:\Users\Angeliki\Desktop\Soccer
2014-07-29 11:06 - 2014-07-29 11:06 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000977 _____ () C:\Users\Public\Desktop\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\de.bmwi.businessplan
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Program Files (x86)\BMWi Businessplan
2014-07-29 11:04 - 2014-07-29 11:04 - 04713268 _____ () C:\Users\Angeliki\Desktop\businessplaner2014.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-24 21:59 - 2014-08-24 21:59 - 00015941 _____ () C:\Users\Angeliki\Desktop\FRST.txt
2014-08-24 21:59 - 2014-08-24 21:59 - 00000631 _____ () C:\Users\Angeliki\Desktop\checkup.txt
2014-08-24 21:59 - 2014-08-22 10:00 - 00000000 ____D () C:\FRST
2014-08-24 21:58 - 2014-08-24 21:58 - 00854417 _____ () C:\Users\Angeliki\Desktop\SecurityCheck.exe
2014-08-24 21:41 - 2014-05-26 13:19 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-24 16:47 - 2014-02-25 14:25 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{25E4BB69-23D5-4330-B396-FC50A5468D9E}
2014-08-24 16:25 - 2014-08-07 10:03 - 00005132 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Angeliki Home
2014-08-24 14:12 - 2014-08-24 14:11 - 02347384 _____ (ESET) C:\Users\Angeliki\Downloads\esetsmartinstaller_deu.exe
2014-08-24 14:06 - 2014-02-13 21:53 - 00000000 __RDO () C:\Users\Angeliki\SkyDrive
2014-08-24 12:46 - 2014-08-24 11:07 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 12:31 - 2014-08-24 12:31 - 00000000 ____D () C:\Users\Angeliki\Desktop\FRST-OlderVersion
2014-08-24 12:31 - 2014-08-22 18:26 - 02103296 _____ (Farbar) C:\Users\Angeliki\Desktop\FRST64.exe
2014-08-24 12:08 - 2013-02-23 17:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3567924045-1664620546-161872832-1002
2014-08-24 12:04 - 2014-08-24 12:04 - 00001397 _____ () C:\Users\Angeliki\Desktop\JRT.txt
2014-08-24 12:00 - 2014-08-24 12:00 - 01016261 _____ (Thisisu) C:\Users\Angeliki\Desktop\JRT.exe
2014-08-24 12:00 - 2014-08-24 12:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-24 11:55 - 2014-08-24 11:55 - 00020585 _____ () C:\Users\Angeliki\Desktop\AdwCleaner[S0].txt
2014-08-24 11:50 - 2013-11-14 00:18 - 00172358 _____ () C:\WINDOWS\PFRO.log
2014-08-24 11:50 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-24 11:49 - 2014-08-24 11:39 - 00000000 ____D () C:\AdwCleaner
2014-08-24 11:49 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-24 11:48 - 2014-02-13 20:28 - 00000000 ____D () C:\Users\Angeliki
2014-08-24 11:38 - 2014-08-24 11:38 - 01364531 _____ () C:\Users\Angeliki\Desktop\adwcleaner_3.308.exe
2014-08-24 11:38 - 2014-08-24 11:38 - 00000253 _____ () C:\Users\Angeliki\Desktop\mwbam.txt
2014-08-24 11:07 - 2014-08-24 11:07 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2013-10-23 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 11:06 - 2014-08-24 11:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Angeliki\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-24 11:01 - 2014-02-13 20:22 - 01414522 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-24 10:42 - 2014-08-24 10:42 - 00001284 _____ () C:\Users\Angeliki\Desktop\Revo Uninstaller.lnk
2014-08-24 10:42 - 2014-08-24 10:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-24 10:41 - 2014-08-24 10:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angeliki\Desktop\revosetup95.exe
2014-08-24 10:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-23 12:39 - 2014-08-23 12:39 - 00380416 _____ () C:\Users\Angeliki\Desktop\Gmer-19357.exe
2014-08-23 12:37 - 2014-08-23 12:37 - 00000478 _____ () C:\Users\Angeliki\Desktop\defogger_disable.log
2014-08-23 12:36 - 2014-08-22 09:57 - 00000000 ____D () C:\Users\Angeliki\Downloads\Trojaner-Board
2014-08-23 11:28 - 2013-02-28 21:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 _____ () C:\Users\Angeliki\defogger_reenable
2014-08-22 09:56 - 2014-08-22 09:56 - 00050477 _____ () C:\Users\Angeliki\Desktop\Defogger.exe
2014-08-21 14:51 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-21 14:51 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-21 14:51 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-21 14:48 - 2013-08-22 16:46 - 00334355 _____ () C:\WINDOWS\setupact.log
2014-08-20 10:53 - 2014-01-31 16:09 - 00000000 ____D () C:\Users\Angeliki\Desktop\Παζαρι
2014-08-19 20:08 - 2014-08-19 20:08 - 67128348 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.zip
2014-08-19 19:59 - 2014-08-19 19:58 - 67407296 _____ () C:\Users\Angeliki\Desktop\Mihailo Golman Pantelic.mp4
2014-08-19 12:13 - 2014-08-19 12:13 - 00000000 ____D () C:\Users\Angeliki\MediaEspresso
2014-08-19 12:11 - 2014-08-19 12:11 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-19 12:11 - 2014-01-28 15:35 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\CyberLink
2014-08-19 12:11 - 2012-08-28 03:00 - 00000000 ____D () C:\ProgramData\CyberLink
2014-08-19 12:10 - 2014-01-28 15:35 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Cyberlink
2014-08-19 12:07 - 2014-08-19 12:02 - 00000000 ____D () C:\UBCD4Win
2014-08-19 11:34 - 2014-07-15 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-19 11:34 - 2014-07-15 16:33 - 00000000 ____D () C:\ProgramData\Avira
2014-08-19 11:34 - 2014-07-15 16:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-19 11:34 - 2014-03-26 20:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 09:21 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files\005
2014-08-19 09:21 - 2014-08-19 09:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-08-19 09:20 - 2014-08-19 09:20 - 00004272 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-19 09:20 - 2014-08-18 21:58 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-08-19 09:02 - 2013-02-23 17:32 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Packages
2014-08-18 21:53 - 2013-09-10 09:56 - 00000000 ____D () C:\Users\Angeliki\Desktop\Bewerbungen
2014-08-18 18:37 - 2013-09-17 09:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-18 18:37 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-18 18:35 - 2013-02-28 21:04 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-18 12:42 - 2014-08-18 12:42 - 00000000 ____D () C:\Neuer Ordner
2014-08-17 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-17 14:05 - 2014-08-11 19:31 - 00000000 ____D () C:\Users\Angeliki\Desktop\INFINITI
2014-08-17 14:05 - 2014-04-25 21:24 - 00000000 ____D () C:\Users\Angeliki\Desktop\ΘΕΑΤΡΟ
2014-08-16 21:35 - 2013-08-22 16:44 - 05146136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-16 14:50 - 2014-07-15 17:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-15 14:48 - 2014-08-03 21:11 - 00000000 ____D () C:\ProgramData\AlxuwEtice
2014-08-14 11:03 - 2014-05-27 20:41 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-14 11:00 - 2014-07-15 15:15 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-14 10:59 - 2014-07-01 20:09 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 10:59 - 2014-07-01 20:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 10:59 - 2014-07-01 20:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 10:59 - 2014-05-27 20:41 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 10:59 - 2014-05-27 20:33 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 10:59 - 2014-05-27 12:09 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 10:59 - 2014-04-14 19:11 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 10:59 - 2014-04-14 19:11 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 10:59 - 2014-04-14 18:44 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 10:59 - 2014-04-14 18:42 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 10:59 - 2014-04-14 18:42 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 10:59 - 2014-04-14 18:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-08 11:58 - 2014-07-29 21:18 - 00000000 ____D () C:\Users\Angeliki\Desktop\Soccer
2014-08-07 09:48 - 2014-01-30 12:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-07 04:12 - 2014-08-14 11:04 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-14 11:04 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-07 00:38 - 2014-08-14 11:05 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-02 07:44 - 2014-08-14 11:05 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-02 05:56 - 2014-08-14 11:04 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 05:11 - 2014-08-14 11:04 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-02 02:17 - 2014-08-16 21:36 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-08-16 21:36 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 11:06 - 2014-07-29 11:06 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000977 _____ () C:\Users\Public\Desktop\BMWi Businessplan.lnk
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\de.bmwi.businessplan
2014-07-29 11:06 - 2014-07-29 11:06 - 00000000 ____D () C:\Program Files (x86)\BMWi Businessplan
2014-07-29 11:06 - 2014-03-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-29 11:04 - 2014-07-29 11:04 - 04713268 _____ () C:\Users\Angeliki\Desktop\businessplaner2014.zip
2014-07-25 16:52 - 2014-08-14 11:07 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 15:51 - 2014-08-14 11:07 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 15:28 - 2014-08-14 11:06 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-14 11:07 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-14 11:06 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 14:59 - 2014-08-14 11:07 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 14:40 - 2014-08-14 11:07 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-14 11:06 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 14:30 - 2014-08-14 11:06 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-14 11:07 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-14 11:06 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-14 11:07 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 14:17 - 2014-08-14 11:07 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 14:10 - 2014-08-14 11:07 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 14:08 - 2014-08-14 11:07 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-14 11:07 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-14 11:07 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-14 11:07 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-14 11:06 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 13:43 - 2014-08-14 11:06 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-14 11:06 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-14 11:07 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 13:34 - 2014-08-14 11:07 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-14 11:07 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-14 11:07 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-14 11:07 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 13:09 - 2014-08-14 11:06 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 13:07 - 2014-08-14 11:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 13:03 - 2014-08-14 11:07 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-14 11:06 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 12:26 - 2014-08-14 11:07 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-14 11:07 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-14 11:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-14 11:06 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-14 11:07 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

Some content of TEMP:
====================
C:\Users\Angeliki\AppData\Local\Temp\nsk9840.tmp.exe
C:\Users\Angeliki\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-24 12:08

==================== End Of Log ============================
         


Addendum: I have just tried starting Avira. It worked - all services are running flawlessly. Looks good!

One request: can you explain to me very briefly what kind of infection was on the machine and whether it has anything to do with the debits from the account?
__________________
Greetings from the Bergisches Land
Ludger

Edited by ludibubi (24.08.2014 at 21:10). Reason: addition

25.08.2014, 12:22   #10
schrauber
/// the machine
/// TB instructor


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\ProgramData\AlxuwEtice
HKLM-x32\...\Run: [fst_de_138] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





What was on the machine was mostly just adware. If anything, it was phishing, but adware can also grab passwords.

In any case, change all passwords!!


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. Please be sure to download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognize. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
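
Three of the four fixlist lines in the post above carry markers that FRST itself writes into its log: a trailing [X] where the file an autostart or service entry points to was not found, and "<======= ATTENTION" on the Chrome policy key. The following is an added example, not part of the thread and not code from FRST, that pulls such lines out of an FRST.txt for a human to review; the function names and the sample text are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Constructed sample in FRST.txt layout. The fst_de_138, Policies\Google and
# ReimageRealTimeProtector lines are the ones quoted in the fixlist above; the
# AntiVirService line (including its size and date) is constructed filler.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [fst_de_138] => [X]
==================== Internet (Whitelisted) ====================
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
"""


class Finding(NamedTuple):
    section: str   # FRST section header the line appeared under
    reason: str    # why the line was surfaced
    line: str      # the log line, verbatim (this is what a fixlist would quote)


# "==================== Registry (Whitelisted) =================="
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# "HKLM-x32\...\Run: [name] => target"
RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\.\\(Run(?:Once)?): \[(.+?)\] => (.*)$")
# "S2 ServiceName; C:\path\file.exe [size date] (vendor)" or "... [X]"
SERVICE_RE = re.compile(r"^([RSU])(\d) ([^;]+); (.*)$")
# "<======= ATTENTION" with any number of '='
ATTENTION_RE = re.compile(r"<=+ ATTENTION")


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that carry one of FRST's own warning markers."""
    findings: List[Finding] = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue

        reasons = []
        if ATTENTION_RE.search(line):
            reasons.append("marked ATTENTION by FRST")
        run = RUN_RE.match(line)
        if run and run.group(4).rstrip().endswith("[X]"):
            reasons.append(f"{run.group(2)} value '{run.group(3)}' points to a missing file")
        svc = SERVICE_RE.match(line)
        if svc and svc.group(4).rstrip().endswith("[X]"):
            reasons.append(f"service '{svc.group(3)}' (start type {svc.group(2)}) points to a missing file")

        findings.extend(Finding(section, reason, line) for reason in reasons)
    return findings


def fixlist_candidates(findings: List[Finding]) -> List[str]:
    """Unique log lines, in log order, for a reviewer to accept or reject."""
    seen = set()
    out = []
    for f in findings:
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The fourth fixlist line, C:\ProgramData\AlxuwEtice, has no marker anywhere in the log, so a rule like this does not surface it; that entry came from the helper's own reading of the folder listing.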

26.08.2014, 18:15   #11
ludibubi

Hello schrauber,

I have to ask you for a little patience. I had eye surgery this morning and therefore cannot do much at the PC at the moment. I think it will be better again in 2/3 days. Until then.
__________________
Greetings from the Bergisches Land
Ludger

27.08.2014, 16:05   #12
schrauber
/// the machine
/// TB instructor

ok
__________________
regards,
schrauber

02.09.2014, 20:47   #13
ludibubi

Hello schrauber!

Sorry that it took a while. Here are the two logs:

Fixlog
Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Angeliki at 2014-09-02 18:29:42 Run:2
Running from C:\Users\Angeliki\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\AlxuwEtice
HKLM-x32\...\Run: [fst_de_138] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

*****************

C:\ProgramData\AlxuwEtice => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_de_138 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
ReimageRealTimeProtector => Service deleted successfully.

==== End of Fixlog ====
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Angeliki (administrator) on HOME on 02-09-2014 18:24:58
Running from C:\Users\Angeliki\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-07-31] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [fst_de_138] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Cloud\updater.exe [19504200 2013-07-10] (Acer Incorporated)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3567924045-1664620546-161872832-1002\...\RunOnce: [Uninstall C:\Users\Angeliki\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Angeliki\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs:  ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {4D4378B9-8AA0-410A-96F6-E854BFF743D5} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=722
SearchScopes: HKCU - {27F65250-AF5A-444A-8178-FF00DC9B3778} URL = 
SearchScopes: HKCU - {4D4378B9-8AA0-410A-96F6-E854BFF743D5} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=722
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://rts.dsrlte.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\searchplugins\keepmysearch.xml
FF Extension: Avira Browser Safety - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\abs@avira.com [2014-07-15]
FF Extension: Boo.ly Shopping - C:\Users\Angeliki\AppData\Roaming\Mozilla\Firefox\Profiles\6gzrl9lc.default\Extensions\getbooly@boo.ly.xpi [2014-06-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Angeliki\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-07] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2650696 2013-07-10] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1335344 2014-01-23] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [856112 2014-01-23] (pdfforge GmbH)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-28] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-07-14] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-28] (Dritek System Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Angeliki\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 18:24 - 2014-09-02 18:24 - 00020163 _____ () C:\Users\Angeliki\Desktop\FRST.txt
2014-09-02 18:23 - 2014-09-02 18:23 - 02104832 _____ (Farbar) C:\Users\Angeliki\Desktop\FRST64.exe
2014-09-02 18:22 - 2014-09-02 18:22 - 02104832 _____ (Farbar) C:\Users\Angeliki\Downloads\FRST64.exe
2014-08-28 09:07 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 19:18 - 2014-08-27 19:18 - 00040448 _____ () C:\Users\Angeliki\Downloads\Absolute_Bezuege.xls
2014-08-26 09:34 - 2014-08-26 09:34 - 00000000 ____D () C:\Users\Angeliki\Desktop\Businessplan
2014-08-26 09:30 - 2014-08-26 09:32 - 00000000 ____D () C:\Users\Angeliki\Desktop\Schadensfall SSK
2014-08-26 09:29 - 2014-08-26 09:29 - 00001538 _____ () C:\Users\Angeliki\Desktop\PDF Architect - Verknüpfung.lnk
2014-08-26 09:19 - 2014-08-26 09:20 - 00000000 ___RD () C:\Users\Angeliki\Creative Cloud Files
2014-08-26 09:17 - 2014-08-26 09:17 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-26 09:04 - 2014-08-26 09:04 - 00000000 ____D () C:\Users\Angeliki\Documents\PDF Architect Files
2014-08-26 09:04 - 2014-08-26 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2014-08-26 09:04 - 2014-08-26 09:04 - 00000000 ____D () C:\Program Files (x86)\PDF Architect
2014-08-26 09:03 - 2014-08-26 09:03 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\PDF Software
2014-08-25 20:58 - 2014-08-25 20:58 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Microsoft Help
2014-08-25 20:57 - 2014-08-25 20:57 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Deployment
2014-08-25 20:57 - 2014-08-25 20:57 - 00000000 ____D () C:\Users\Dinos\AppData\Local\clear.fi
2014-08-25 20:57 - 2014-08-25 20:57 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Apps\2.0
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Avira
2014-08-25 17:39 - 2014-09-02 09:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3567924045-1664620546-161872832-1005
2014-08-25 17:37 - 2014-09-02 15:27 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AC4AA699-A697-488E-8E71-83209B9B9959}
2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 __SHD () C:\Users\Dinos\AppData\Local\EmieUserList
2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 __SHD () C:\Users\Dinos\AppData\Local\EmieSiteList
2014-08-25 17:35 - 2014-08-30 13:51 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Adobe
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\Documents\Bluetooth Folder
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Atheros
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Apple Computer
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\AppData\Local\BMExplorer
2014-08-25 17:34 - 2014-08-26 10:10 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Packages
2014-08-25 17:34 - 2014-08-25 17:56 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Adobe
2014-08-25 17:34 - 2014-08-25 17:34 - 00001454 _____ () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-25 17:34 - 2014-08-25 17:34 - 00000020 ___SH () C:\Users\Dinos\ntuser.ini
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Vorlagen
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Startmenü
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Netzwerkumgebung
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Lokale Einstellungen
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Eigene Dateien
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Druckumgebung
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Documents\Eigene Musik
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Documents\Eigene Bilder
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\AppData\Local\Verlauf
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\AppData\Local\Anwendungsdaten
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Anwendungsdaten
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\lm
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos\AppData\Local\VirtualStore
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos
2014-08-25 17:34 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Macromedia
2014-08-25 17:34 - 2014-07-15 17:34 - 00000000 ___RD () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-25 17:34 - 2014-07-15 17:34 - 00000000 ___RD () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-25 17:34 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-08-25 17:34 - 2014-02-22 06:37 - 00000369 _____ () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-08-25 17:34 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-25 17:34 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-24 23:14 - 2014-09-02 08:55 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Adobe
2014-08-24 23:13 - 2014-08-24 23:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-24 23:13 - 2014-08-24 23:13 - 00002043 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-24 23:07 - 2014-08-24 23:07 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\pdfforge
2014-08-24 23:07 - 2014-08-24 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-24 23:07 - 2014-08-24 23:07 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-24 23:07 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\WINDOWS\system32\pdfcmon.dll
2014-08-24 12:00 - 2014-08-24 12:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-24 11:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-24 11:39 - 2014-08-24 11:49 - 00000000 ____D () C:\AdwCleaner
2014-08-24 11:07 - 2014-08-24 12:46 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-24 11:07 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-24 11:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-24 10:42 - 2014-08-24 10:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-22 10:00 - 2014-09-02 18:25 - 00000000 ____D () C:\FRST
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 _____ () C:\Users\Angeliki\defogger_reenable
2014-08-19 12:13 - 2014-08-19 12:13 - 00000000 ____D () C:\Users\Angeliki\MediaEspresso
2014-08-19 12:11 - 2014-08-19 12:11 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-19 12:02 - 2014-08-19 12:07 - 00000000 ____D () C:\UBCD4Win
2014-08-19 09:21 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files\005
2014-08-19 09:20 - 2014-08-19 09:20 - 00004272 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-19 09:19 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-08-18 21:58 - 2014-08-19 09:20 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-08-18 12:42 - 2014-08-18 12:42 - 00000000 ____D () C:\Neuer Ordner
2014-08-16 21:36 - 2014-08-02 02:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-16 21:36 - 2014-08-02 02:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 11:07 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-14 11:07 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-14 11:07 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-14 11:07 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-14 11:07 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-14 11:07 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-14 11:07 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-14 11:07 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-14 11:07 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-14 11:07 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-14 11:07 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-14 11:07 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-14 11:07 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-14 11:07 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-14 11:07 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-14 11:07 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-14 11:07 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-14 11:07 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-14 11:07 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-14 11:07 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-14 11:07 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-14 11:07 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-14 11:07 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-14 11:07 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-14 11:07 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-14 11:07 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-14 11:07 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-14 11:07 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-14 11:07 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-14 11:07 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-14 11:06 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-14 11:06 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-14 11:06 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-14 11:06 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-14 11:06 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-14 11:06 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-14 11:06 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 11:06 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-14 11:06 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-14 11:06 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-14 11:06 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-14 11:06 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-14 11:06 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-14 11:06 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-14 11:05 - 2014-08-07 00:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-14 11:05 - 2014-08-02 07:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-14 11:05 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-14 11:05 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-14 11:05 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-14 11:05 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-14 11:05 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-14 11:05 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-14 11:05 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-14 11:05 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-14 11:05 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-14 11:05 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-14 11:05 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-14 11:05 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-14 11:05 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-14 11:05 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-14 11:05 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-14 11:05 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-14 11:05 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-14 11:05 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-14 11:05 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-14 11:05 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-14 11:05 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-14 11:05 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-14 11:05 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-14 11:05 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-14 11:05 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-14 11:05 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-14 11:05 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-14 11:05 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-14 11:05 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-14 11:05 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-14 11:05 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-14 11:05 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-14 11:05 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-14 11:05 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-14 11:05 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-14 11:05 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-14 11:05 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-14 11:05 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-14 11:05 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-14 11:05 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-14 11:05 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-14 11:05 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-14 11:05 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-14 11:05 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-14 11:05 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-14 11:05 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-14 11:04 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-14 11:04 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-14 11:04 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-14 11:04 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-14 11:04 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-14 11:04 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-14 11:04 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-14 11:04 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-14 11:04 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-14 11:04 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-14 11:04 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-14 11:04 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-14 11:04 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-14 11:04 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-14 11:04 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-14 11:04 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-14 11:04 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-14 11:04 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-14 11:04 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-14 11:04 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-14 11:04 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-14 11:04 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-14 11:04 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-14 11:04 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-14 11:04 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-14 11:04 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-14 11:04 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-14 11:04 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-11 19:31 - 2014-08-17 14:05 - 00000000 ____D () C:\Users\Angeliki\Desktop\INFINITI
2014-08-07 10:03 - 2014-08-28 13:50 - 00005132 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Angeliki Home
2014-08-03 21:11 - 2014-08-15 14:48 - 00000000 ____D () C:\ProgramData\AlxuwEtice

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 18:25 - 2014-09-02 18:24 - 00020163 _____ () C:\Users\Angeliki\Desktop\FRST.txt
2014-09-02 18:25 - 2014-08-22 10:00 - 00000000 ____D () C:\FRST
2014-09-02 18:23 - 2014-09-02 18:23 - 02104832 _____ (Farbar) C:\Users\Angeliki\Desktop\FRST64.exe
2014-09-02 18:22 - 2014-09-02 18:22 - 02104832 _____ (Farbar) C:\Users\Angeliki\Downloads\FRST64.exe
2014-09-02 18:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-02 17:41 - 2014-05-26 13:19 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-02 15:34 - 2014-02-25 14:25 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{25E4BB69-23D5-4330-B396-FC50A5468D9E}
2014-09-02 15:27 - 2014-08-25 17:37 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AC4AA699-A697-488E-8E71-83209B9B9959}
2014-09-02 10:44 - 2014-02-13 20:22 - 02029578 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-02 09:33 - 2013-02-23 17:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3567924045-1664620546-161872832-1002
2014-09-02 09:12 - 2014-08-25 17:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3567924045-1664620546-161872832-1005
2014-09-02 09:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-02 09:03 - 2014-01-31 16:09 - 00000000 ____D () C:\Users\Angeliki\Desktop\Παζαρι
2014-09-02 08:55 - 2014-08-24 23:14 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Adobe
2014-08-30 13:55 - 2014-02-13 21:53 - 00000000 ___DO () C:\Users\Angeliki\SkyDrive
2014-08-30 13:51 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Adobe
2014-08-30 13:49 - 2014-01-30 12:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-30 13:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-30 13:46 - 2013-08-22 16:44 - 05149672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-30 13:45 - 2013-11-14 00:18 - 00174176 _____ () C:\WINDOWS\PFRO.log
2014-08-28 13:51 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-28 13:50 - 2014-08-07 10:03 - 00005132 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME-Angeliki Home
2014-08-28 09:51 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-27 19:18 - 2014-08-27 19:18 - 00040448 _____ () C:\Users\Angeliki\Downloads\Absolute_Bezuege.xls
2014-08-27 10:41 - 2013-02-23 17:32 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Packages
2014-08-26 14:39 - 2013-10-15 11:02 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Microsoft Help
2014-08-26 14:35 - 2014-02-14 09:46 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Deployment
2014-08-26 10:38 - 2013-03-06 12:59 - 00000000 ____D () C:\Users\Angeliki\Desktop\DINO
2014-08-26 10:10 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Packages
2014-08-26 09:34 - 2014-08-26 09:34 - 00000000 ____D () C:\Users\Angeliki\Desktop\Businessplan
2014-08-26 09:32 - 2014-08-26 09:30 - 00000000 ____D () C:\Users\Angeliki\Desktop\Schadensfall SSK
2014-08-26 09:32 - 2014-07-29 21:18 - 00000000 ____D () C:\Users\Angeliki\Desktop\Soccer
2014-08-26 09:32 - 2013-09-10 09:56 - 00000000 ____D () C:\Users\Angeliki\Desktop\Bewerbungen
2014-08-26 09:29 - 2014-08-26 09:29 - 00001538 _____ () C:\Users\Angeliki\Desktop\PDF Architect - Verknüpfung.lnk
2014-08-26 09:20 - 2014-08-26 09:19 - 00000000 ___RD () C:\Users\Angeliki\Creative Cloud Files
2014-08-26 09:19 - 2014-02-13 20:28 - 00000000 ____D () C:\Users\Angeliki
2014-08-26 09:19 - 2013-02-23 17:32 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\Adobe
2014-08-26 09:17 - 2014-08-26 09:17 - 00001333 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-26 09:16 - 2014-03-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-26 09:04 - 2014-08-26 09:04 - 00000000 ____D () C:\Users\Angeliki\Documents\PDF Architect Files
2014-08-26 09:04 - 2014-08-26 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2014-08-26 09:04 - 2014-08-26 09:04 - 00000000 ____D () C:\Program Files (x86)\PDF Architect
2014-08-26 09:03 - 2014-08-26 09:03 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\PDF Software
2014-08-25 20:58 - 2014-08-25 20:58 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Microsoft Help
2014-08-25 20:57 - 2014-08-25 20:57 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Deployment
2014-08-25 20:57 - 2014-08-25 20:57 - 00000000 ____D () C:\Users\Dinos\AppData\Local\clear.fi
2014-08-25 20:57 - 2014-08-25 20:57 - 00000000 ____D () C:\Users\Dinos\AppData\Local\Apps\2.0
2014-08-25 17:56 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Adobe
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Avira
2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 __SHD () C:\Users\Dinos\AppData\Local\EmieUserList
2014-08-25 17:37 - 2014-08-25 17:37 - 00000000 __SHD () C:\Users\Dinos\AppData\Local\EmieSiteList
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\Documents\Bluetooth Folder
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Atheros
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\Apple Computer
2014-08-25 17:35 - 2014-08-25 17:35 - 00000000 ____D () C:\Users\Dinos\AppData\Local\BMExplorer
2014-08-25 17:35 - 2012-08-28 02:45 - 00000000 ____D () C:\ProgramData\Atheros
2014-08-25 17:34 - 2014-08-25 17:34 - 00001454 _____ () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-25 17:34 - 2014-08-25 17:34 - 00000020 ___SH () C:\Users\Dinos\ntuser.ini
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Vorlagen
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Startmenü
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Netzwerkumgebung
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Lokale Einstellungen
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Eigene Dateien
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Druckumgebung
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Documents\Eigene Musik
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Documents\Eigene Bilder
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\AppData\Local\Verlauf
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\AppData\Local\Anwendungsdaten
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 _SHDL () C:\Users\Dinos\Anwendungsdaten
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos\AppData\Roaming\lm
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos\AppData\Local\VirtualStore
2014-08-25 17:34 - 2014-08-25 17:34 - 00000000 ____D () C:\Users\Dinos
2014-08-25 17:34 - 2013-02-23 17:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-08-24 23:13 - 2014-08-24 23:13 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-24 23:13 - 2014-08-24 23:13 - 00002043 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-24 23:12 - 2014-03-26 20:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-24 23:07 - 2014-08-24 23:07 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\pdfforge
2014-08-24 23:07 - 2014-08-24 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-08-24 23:07 - 2014-08-24 23:07 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-08-24 23:06 - 2014-07-15 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 23:06 - 2014-07-15 16:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-24 23:06 - 2014-03-26 20:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 23:00 - 2014-07-15 16:33 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 12:46 - 2014-08-24 11:07 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 12:00 - 2014-08-24 12:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-24 11:49 - 2014-08-24 11:39 - 00000000 ____D () C:\AdwCleaner
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2014-08-24 11:07 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 11:07 - 2013-10-23 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 10:42 - 2014-08-24 10:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-23 11:28 - 2013-02-28 21:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-23 02:42 - 2014-08-28 09:07 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 _____ () C:\Users\Angeliki\defogger_reenable
2014-08-21 14:51 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-21 14:51 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-21 14:51 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-21 14:48 - 2013-08-22 16:46 - 00334355 _____ () C:\WINDOWS\setupact.log
2014-08-19 12:13 - 2014-08-19 12:13 - 00000000 ____D () C:\Users\Angeliki\MediaEspresso
2014-08-19 12:11 - 2014-08-19 12:11 - 00000000 ____D () C:\Users\Public\CyberLink
2014-08-19 12:11 - 2014-01-28 15:35 - 00000000 ____D () C:\Users\Angeliki\AppData\Roaming\CyberLink
2014-08-19 12:11 - 2012-08-28 03:00 - 00000000 ____D () C:\ProgramData\CyberLink
2014-08-19 12:10 - 2014-01-28 15:35 - 00000000 ____D () C:\Users\Angeliki\AppData\Local\Cyberlink
2014-08-19 12:07 - 2014-08-19 12:02 - 00000000 ____D () C:\UBCD4Win
2014-08-19 09:21 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files\005
2014-08-19 09:21 - 2014-08-19 09:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-08-19 09:20 - 2014-08-19 09:20 - 00004272 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2014-08-19 09:20 - 2014-08-19 09:20 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-08-19 09:20 - 2014-08-18 21:58 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-08-18 18:37 - 2013-09-17 09:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-18 18:35 - 2013-02-28 21:04 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-18 12:42 - 2014-08-18 12:42 - 00000000 ____D () C:\Neuer Ordner
2014-08-17 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-17 14:05 - 2014-08-11 19:31 - 00000000 ____D () C:\Users\Angeliki\Desktop\INFINITI
2014-08-17 14:05 - 2014-04-25 21:24 - 00000000 ____D () C:\Users\Angeliki\Desktop\ΘΕΑΤΡΟ
2014-08-16 14:50 - 2014-07-15 17:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-16 14:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-15 14:48 - 2014-08-03 21:11 - 00000000 ____D () C:\ProgramData\AlxuwEtice
2014-08-14 11:03 - 2014-05-27 20:41 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-14 11:00 - 2014-07-15 15:15 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-14 10:59 - 2014-07-01 20:09 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 10:59 - 2014-07-01 20:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 10:59 - 2014-07-01 20:07 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 10:59 - 2014-05-27 20:41 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 10:59 - 2014-05-27 20:33 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 10:59 - 2014-05-27 12:09 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 10:59 - 2014-04-14 19:11 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 10:59 - 2014-04-14 19:11 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 10:59 - 2014-04-14 18:44 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 10:59 - 2014-04-14 18:42 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 10:59 - 2014-04-14 18:42 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 10:59 - 2014-04-14 18:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 10:59 - 2014-04-14 18:42 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-07 04:12 - 2014-08-14 11:04 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:38 - 2014-08-14 11:05 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

Some content of TEMP:
====================
C:\Users\Angeliki\AppData\Local\Temp\AAMHelper.exe
C:\Users\Angeliki\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Angeliki\AppData\Local\Temp\avgnt.exe
C:\Users\Angeliki\AppData\Local\Temp\nsk9840.tmp.exe
C:\Users\Angeliki\AppData\Local\Temp\Quarantine.exe
C:\Users\Dinos\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-02 09:12

==================== End Of Log ============================
         
--- --- ---
__________________
Greetings from the Bergisches Land
Ludger

03.09.2014, 14:03   #14
schrauber
/// the machine
/// TB trainer

done
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

03.09.2014, 21:49   #15
ludibubi

Great, thanks! My acquaintance has already sent you a donation. All the best!
__________________
Greetings from the Bergisches Land
Ludger
