Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Log-Analyse und Auswertung: Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 1 von 2 1 2
Alt 08.09.2014, 19:00   #1
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Unglücklich

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Hallo liebes Forum,

seit vielen Jahren setze ich den Virenscanner Gdata ein und hatte nie Probleme mit Trojaner etc. gehabt.

Seit einiger Zeit meldete Gdata "kein Zugriff auf Web-Inhalte" und ich war der Meinung, dass Gdata nur Websites blockiert, die infiziert sind.

Aber dann ging es weiter mit Viren-Meldungen wie
"Virus: Win32.Adware.OfferMosquito.A
Es wurde versucht, auf eine infizierte
Datei zuzugreifen.
Datei: omesuperv.exe
Verzeichnis: C:\Users\*****\AppData\Local"

und
Virus: Win32.Trojan.Agent.JQF189 (Engine B)
Es wurde versucht, auf eine infizierte
Datei zuzugreifen.
Datei: Sixth.exe
Verzeichnis: C:\Users\*****\AppData\Roaming"

und so weiter.

Daraufhin habe ich Spybot, dann CCleaner versucht die Viren zu entfernen, was mir nicht gelungen ist, denn die Virenmeldungen kommen immer wieder.

Im Internet habe ich nicht wirklich etwas hilfreiches gefunden, bis ich auf dieses Forum gestoßen bin.

Nun hoffe ich, dass mir jemand helfen kann, denn die ständige Meldungen sind unerträglich. Ein wichtiges Phänomen ist, dass besonders OpenOffice abstürzt - meistens "Calc".
Auch insgesamt läuft der PC meistens langsam als noch vor einiger Zeit.

Die log-Dateien habe ich, soweit ich es kann, nach Ihren Vorgaben erstellt und bin mir nicht sicher, ob diese ausreichend sind oder ob noch etwas fehlt.

Für die Hilfe möchte ich mich schon jetzt sehr bedanken und hoffe, dass ich die Plagegeister schnell wieder loswerde.

http://www.trojaner-board.de/images/...ankeschoen.gif


Viele Grüße
perseiden

PS - Gerade kam folgende Meldung von Gdata rein:

Virus: Gen:Adware.Heur.hm9@gbbj1sci (Engine A)
Datei: Microsoft.VisualStudio.OLE.Interop.dll
Verzeichnis: C:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a

und
Virus: Gen:Adware.Heur.im9@g9QL6A (Engine A)
Datei: Interop.SHDocVw.dll
Verzeichnis: C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d
Geändert von perseiden (08.09.2014 um 19:47 Uhr)

Alt 08.09.2014, 19:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.



Bitte vorerst nur mal die Logs von FRST.
__________________

__________________
Alt 08.09.2014, 20:18   #3
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Hallo Schrauber,

danke sehr für die schnelle Antwort und hier der Inhalt von FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by ***** (administrator) on *****-PC on 08-09-2014 16:42:13
Running from C:\Users\*****\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\IKom\MYSQL\bin\mysqld-nt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Gerhard Junker) C:\Program Files (x86)\ncid.Net\ncid.Net.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Ulrich Krebs) C:\Program Files (x86)\Kalender\Kalender.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2009-09-15] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
HKU\.DEFAULT\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [ncid.Net] => C:\Program Files (x86)\ncid.Net\ncid.Net.exe [2248192 2013-11-11] (Gerhard Junker)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Kalender] => C:\Program Files (x86)\Kalender\Kalender.exe [991232 2014-02-22] (Ulrich Krebs)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [SCheck] => C:\Users\*****\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [DataMgr] => C:\Users\*****\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-07-21] (HTTO Group, Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Intermediate] => C:\Users\*****\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Sixth] => C:\Users\*****\AppData\Roaming\Sixth\Sixth.exe [63624 2014-08-19] ()
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Seventh] => C:\Users\*****\AppData\Roaming\Seventh\Seventh.exe [83648 2014-08-19] ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-twncid-gui.bat.lnk
ShortcutTarget: start-twncid-gui.bat.lnk -> C:\TWNcid\start-twncid-gui.bat (No File)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk /r \??\H:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8763812b-1f83-4390-af15-facf650dd244&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com.anonymize-me.de/?anonymto=687474703A2F2F666565642E68656C7065726261722E636F6D2F3F7075626C69736865723D4F50454E43414E445926647069643D4F50454E43414E4459415052494C26636F3D4445267573657269643D38373633383132622D316638332D343339302D616631352D6661636636353064643234342661666669643D31313037373426736561726368747970653D6473266261627372633D6C6E6B727926713D7B7365617263685465726D737D&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&k=0
SearchScopes: HKCU - {0557E17D-5D4A-4EE5-B630-BC1201A9E9BF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=14FC32D8-59DA-44DC-A2A3-16B9B6FE6B68&apn_sauid=AC024C57-A54C-4892-9047-E0EC50960046
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4C454E4446382670633D4D414C4E267372633D49452D536561726368426F78&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&k=0
SearchScopes: HKCU - {3A32F94D-F172-42F1-B448-87128D6A3ED1} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87D65010-5005-4955-A218-FEE8589A50BA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {9B3E6316-1C2E-4928-AE88-8B695931D47D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A6E92902-D674-4B10-8707-29C6983680B2} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CAE14CD4-A99D-4D4D-8774-1C41690D4B9D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {F7810828-398E-4515-AF23-F71B4C4209D9} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer
FF DefaultSearchEngine: FBDownloader Search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: FBDownloader Search
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\user.js
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{06AC9F7F-4180-4EA3-8542-83DE26507725}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{3F8E1834-7B54-450B-8167-50EC569A5AA2}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{87A67C4C-0C7D-456B-97D0-5291334E8CB9}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{51C2B004-B2D4-44D5-A763-9A1A79A79E88}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{C34FEE3A-91E8-4F14-88FD-5A6C5712A668}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{D21269EA-B86F-496F-A06F-BD6F11935C62}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-08-08]
FF Extension: Simple New Tab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-08-21]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: SPARWELT Gutscheinalarm - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ciuvo-extension@sparwelt.de.xpi [2013-01-26]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\extension@preispilot.com.xpi [2012-12-05]
FF Extension: NO Google Analytics - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2013-03-13]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-08-06]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-11-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\extensions\firejump@firejump.net
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\extensions\extension@preispilot.com
FF HKCU\...\Firefox\Extensions: [Tubesaver@istqt.co] - C:\Program Files (x86)\TubeSaver\128.xpi

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\*****\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx []
CHR HKLM-x32\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files (x86)\TubeSaver\128.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MySQL5; C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe [4493312 2012-12-29] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-09] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-09] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [142336 2014-08-16] (G Data Software AG)
S3 GdNetMon; C:\windows\system32\drivers\GdNetMon64.sys [31448 2011-06-12] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64000 2014-07-09] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-08-16] (G Data Software AG)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-07-15] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [61440 2014-07-09] (G Data Software AG)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2012-10-12] (Windows (R) Win 7 DDK provider)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:39 - 2014-09-08 16:41 - 00000476 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:37 - 2014-09-08 16:37 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-08 16:34 - 2014-09-08 16:34 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-08 16:13 - 2014-09-08 16:14 - 00042945 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-08 16:11 - 2014-09-08 16:42 - 00026618 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-08 16:10 - 2014-09-08 16:42 - 00000000 ____D () C:\FRST
2014-09-08 16:07 - 2014-09-08 16:07 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-08 08:39 - 2014-09-08 08:39 - 00000056 _____ () C:\windows\setupact.log
2014-09-08 08:39 - 2014-09-08 08:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 20:30 - 2014-09-07 20:37 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 22:48 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:28 - 2014-09-07 20:29 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 16:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 15:01 - 2014-09-07 22:49 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00001034 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-02 23:18 - 2014-09-02 23:23 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:21 - 2014-09-02 18:22 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-28 07:43 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 07:43 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 07:43 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-24 10:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-24 10:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-24 10:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-24 10:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-24 10:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-24 10:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-24 10:17 - 2014-09-08 08:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Seventh
2014-08-21 08:45 - 2014-08-25 13:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Snz
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Sixth
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Local\simple_new_tab
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:47 - 2014-08-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:11 - 2014-08-17 15:13 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-14 22:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 22:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 22:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 22:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-14 08:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 08:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 08:39 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 08:38 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-14 08:38 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-14 08:38 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-14 08:38 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-14 08:38 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-14 08:38 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-14 08:38 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-14 08:38 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-14 08:38 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-14 08:38 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-14 08:38 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-14 08:38 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-14 08:38 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-14 08:38 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-14 08:38 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-14 08:38 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-14 08:38 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-14 08:38 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-14 08:38 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-14 08:38 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-14 08:38 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-14 08:38 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-14 08:38 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-14 08:38 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-14 08:38 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-14 08:38 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 08:38 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-14 08:38 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-14 08:38 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-14 08:38 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-14 08:38 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-14 08:38 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-14 08:38 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-14 08:38 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-14 08:38 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-14 08:38 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-14 08:38 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-14 08:38 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-14 08:38 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 08:38 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-14 08:38 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-14 08:38 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-14 08:38 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-14 08:38 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-14 08:38 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-14 08:38 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-14 08:38 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-14 08:38 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-14 08:38 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-14 08:38 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-14 08:38 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-14 08:38 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-14 08:38 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-14 08:38 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-14 08:38 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-14 08:38 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-14 08:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 08:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-14 08:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:38 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 08:38 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 08:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 08:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 08:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 08:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 21:42 - 2014-08-12 21:43 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 19:39 - 2014-08-12 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:42 - 2014-09-08 16:11 - 00026618 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-08 16:42 - 2014-09-08 16:10 - 00000000 ____D () C:\FRST
2014-09-08 16:41 - 2014-09-08 16:39 - 00000476 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:39 - 2011-06-12 20:35 - 00000000 ____D () C:\Users\*****
2014-09-08 16:37 - 2014-09-08 16:37 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-08 16:34 - 2014-09-08 16:34 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-08 16:25 - 2011-08-19 14:39 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 16:14 - 2014-09-08 16:13 - 00042945 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-08 16:10 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:10 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:07 - 2014-09-08 16:07 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-08 15:21 - 2014-04-27 16:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\UK's Kalender
2014-09-08 12:25 - 2011-08-19 14:39 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 11:52 - 2013-11-16 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\Users\*****\Documents\MailStore Home
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\ProgramData\firebird
2014-09-08 10:19 - 2010-05-20 04:39 - 01921179 _____ () C:\windows\WindowsUpdate.log
2014-09-08 08:40 - 2014-08-24 10:17 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Seventh
2014-09-08 08:40 - 2011-06-12 20:35 - 09385608 _____ () C:\FaceProv.log
2014-09-08 08:39 - 2014-09-08 08:39 - 00000056 _____ () C:\windows\setupact.log
2014-09-08 08:39 - 2014-09-08 08:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-08 08:39 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-07 22:49 - 2014-09-07 15:01 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 22:48 - 2014-09-07 20:29 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:37 - 2014-09-07 20:30 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 20:28 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 16:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 15:02 - 2012-10-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00001034 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-07 13:25 - 2013-07-17 11:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 13:05 - 2014-03-20 11:44 - 00014169 _____ () C:\Users\*****\Desktop\hijackthis.log
2014-09-04 09:33 - 2013-08-02 20:04 - 00000000 ____D () C:\Program Files (x86)\Wisterer HX
2014-09-04 09:32 - 2013-08-02 20:04 - 00000000 ____D () C:\Users\*****\Documents\Wisterer HX
2014-09-03 13:32 - 2014-02-19 18:34 - 00000000 ____D () C:\Program Files (x86)\Steuer 2013
2014-09-03 13:32 - 2012-03-04 19:11 - 00000722 _____ () C:\windows\wiso.ini
2014-09-03 13:32 - 2012-03-04 18:30 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-09-03 13:08 - 2010-05-19 20:24 - 00703192 _____ () C:\windows\system32\perfh007.dat
2014-09-03 13:08 - 2010-05-19 20:24 - 00150800 _____ () C:\windows\system32\perfc007.dat
2014-09-03 13:08 - 2009-07-14 07:13 - 01629284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-02 23:23 - 2014-09-02 23:18 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 23:12 - 2012-08-21 17:10 - 00000000 ____D () C:\Users\*****\Tracing
2014-09-02 23:12 - 2011-09-17 11:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TeamViewer
2014-09-02 23:12 - 2011-07-30 23:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\PhotoScape
2014-09-02 23:11 - 2012-11-28 16:42 - 00000000 ____D () C:\windows\Minidump
2014-09-02 23:11 - 2009-07-29 09:00 - 00000000 ____D () C:\windows\Panther
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:22 - 2014-09-02 18:21 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-29 19:34 - 2012-08-22 16:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\7-PDFSplitMerge
2014-08-29 07:25 - 2009-07-14 06:45 - 00443528 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 11:57 - 2012-03-29 08:26 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-27 11:57 - 2011-06-13 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-25 13:34 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Snz
2014-08-25 09:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-24 18:35 - 2012-12-29 19:31 - 00000000 ____D () C:\Program Files\IKom
2014-08-24 15:12 - 2012-07-25 19:19 - 00000000 ____D () C:\A1-Faktura
2014-08-23 04:07 - 2014-08-28 07:43 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:43 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:43 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Sixth
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Local\simple_new_tab
2014-08-21 08:45 - 2013-08-02 13:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DataMgr
2014-08-21 08:44 - 2013-08-02 13:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SCheck
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-20 16:43 - 2013-04-08 18:12 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-08-20 16:39 - 2011-06-12 22:37 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-19 19:06 - 2014-08-17 15:47 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:13 - 2014-08-17 15:11 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-16 08:41 - 2014-05-10 14:48 - 00001929 _____ () C:\Users\Public\Desktop\G DATA ANTIVIRUS.lnk
2014-08-16 08:41 - 2011-06-12 22:43 - 00064000 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd64.sys
2014-08-16 08:40 - 2011-06-12 22:43 - 00142336 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-08-15 09:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 22:38 - 2013-08-15 22:20 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 22:32 - 2011-06-16 07:41 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 22:25 - 2014-05-01 00:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-12 21:43 - 2014-08-12 21:42 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 21:37 - 2014-08-12 19:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe
2014-08-09 15:41 - 2012-08-18 11:51 - 00007667 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:15

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

[CODE]
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by ***** (administrator) on *****-PC on 08-09-2014 16:42:13
Running from C:\Users\*****\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\IKom\MYSQL\bin\mysqld-nt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Gerhard Junker) C:\Program Files (x86)\ncid.Net\ncid.Net.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Ulrich Krebs) C:\Program Files (x86)\Kalender\Kalender.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-04-03] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2009-09-15] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
HKU\.DEFAULT\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [ncid.Net] => C:\Program Files (x86)\ncid.Net\ncid.Net.exe [2248192 2013-11-11] (Gerhard Junker)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Kalender] => C:\Program Files (x86)\Kalender\Kalender.exe [991232 2014-02-22] (Ulrich Krebs)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [SCheck] => C:\Users\*****\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [DataMgr] => C:\Users\*****\AppData\Roaming\DataMgr\DataMgr.exe [168824 2013-07-21] (HTTO Group, Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Intermediate] => C:\Users\*****\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Sixth] => C:\Users\*****\AppData\Roaming\Sixth\Sixth.exe [63624 2014-08-19] ()
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Seventh] => C:\Users\*****\AppData\Roaming\Seventh\Seventh.exe [83648 2014-08-19] ()
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-twncid-gui.bat.lnk
ShortcutTarget: start-twncid-gui.bat.lnk -> C:\TWNcid\start-twncid-gui.bat (No File)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk /r \??\H:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=8763812b-1f83-4390-af15-facf650dd244&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com.anonymize-me.de/?anonymto=687474703A2F2F666565642E68656C7065726261722E636F6D2F3F7075626C69736865723D4F50454E43414E445926647069643D4F50454E43414E4459415052494C26636F3D4445267573657269643D38373633383132622D316638332D343339302D616631352D6661636636353064643234342661666669643D31313037373426736561726368747970653D6473266261627372633D6C6E6B727926713D7B7365617263685465726D737D&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&k=0
SearchScopes: HKCU - {0557E17D-5D4A-4EE5-B630-BC1201A9E9BF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=14FC32D8-59DA-44DC-A2A3-16B9B6FE6B68&apn_sauid=AC024C57-A54C-4892-9047-E0EC50960046
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D4C454E4446382670633D4D414C4E267372633D49452D536561726368426F78&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&k=0
SearchScopes: HKCU - {3A32F94D-F172-42F1-B448-87128D6A3ED1} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87D65010-5005-4955-A218-FEE8589A50BA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q={searchTerms}
SearchScopes: HKCU - {9B3E6316-1C2E-4928-AE88-8B695931D47D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A6E92902-D674-4B10-8707-29C6983680B2} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CAE14CD4-A99D-4D4D-8774-1C41690D4B9D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {F7810828-398E-4515-AF23-F71B4C4209D9} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer
FF DefaultSearchEngine: FBDownloader Search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: FBDownloader Search
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Keyword.URL: hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\user.js
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{06AC9F7F-4180-4EA3-8542-83DE26507725}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{3F8E1834-7B54-450B-8167-50EC569A5AA2}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{87A67C4C-0C7D-456B-97D0-5291334E8CB9}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{51C2B004-B2D4-44D5-A763-9A1A79A79E88}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{C34FEE3A-91E8-4F14-88FD-5A6C5712A668}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{D21269EA-B86F-496F-A06F-BD6F11935C62}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-08-08]
FF Extension: Simple New Tab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-08-21]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: SPARWELT Gutscheinalarm - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ciuvo-extension@sparwelt.de.xpi [2013-01-26]
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\extension@preispilot.com.xpi [2012-12-05]
FF Extension: NO Google Analytics - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2013-03-13]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-08-06]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013-11-16]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\extensions\firejump@firejump.net
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\extensions\extension@preispilot.com
FF HKCU\...\Firefox\Extensions: [Tubesaver@istqt.co] - C:\Program Files (x86)\TubeSaver\128.xpi

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\*****\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx []
CHR HKLM-x32\...\Chrome\Extension: [ojcdnngpmbenohhjlickdajclhbcaada] - C:\Program Files (x86)\TubeSaver\128.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MySQL5; C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe [4493312 2012-12-29] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1149104 2013-04-03] (Crawler.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-09] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-09] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [142336 2014-08-16] (G Data Software AG)
S3 GdNetMon; C:\windows\system32\drivers\GdNetMon64.sys [31448 2011-06-12] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64000 2014-07-09] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-08-16] (G Data Software AG)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-07-15] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [61440 2014-07-09] (G Data Software AG)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2012-10-12] (Windows (R) Win 7 DDK provider)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:39 - 2014-09-08 16:41 - 00000476 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:37 - 2014-09-08 16:37 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-08 16:34 - 2014-09-08 16:34 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-08 16:13 - 2014-09-08 16:14 - 00042945 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-08 16:11 - 2014-09-08 16:42 - 00026618 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-08 16:10 - 2014-09-08 16:42 - 00000000 ____D () C:\FRST
2014-09-08 16:07 - 2014-09-08 16:07 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-08 08:39 - 2014-09-08 08:39 - 00000056 _____ () C:\windows\setupact.log
2014-09-08 08:39 - 2014-09-08 08:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 20:30 - 2014-09-07 20:37 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 22:48 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:28 - 2014-09-07 20:29 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 16:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 15:01 - 2014-09-07 22:49 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00001034 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-02 23:18 - 2014-09-02 23:23 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:21 - 2014-09-02 18:22 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-28 07:43 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 07:43 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 07:43 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-24 10:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-24 10:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-24 10:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-24 10:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-24 10:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-24 10:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-24 10:17 - 2014-09-08 08:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Seventh
2014-08-21 08:45 - 2014-08-25 13:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Snz
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Sixth
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Local\simple_new_tab
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:47 - 2014-08-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:11 - 2014-08-17 15:13 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-14 22:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 22:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 22:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 22:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-14 08:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 08:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 08:39 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 08:38 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-14 08:38 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-14 08:38 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-14 08:38 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-14 08:38 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-14 08:38 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-14 08:38 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-14 08:38 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-14 08:38 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-14 08:38 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-14 08:38 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-14 08:38 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-14 08:38 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-14 08:38 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-14 08:38 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-14 08:38 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-14 08:38 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-14 08:38 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-14 08:38 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-14 08:38 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-14 08:38 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-14 08:38 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-14 08:38 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-14 08:38 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-14 08:38 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-14 08:38 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 08:38 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-14 08:38 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-14 08:38 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-14 08:38 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-14 08:38 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-14 08:38 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-14 08:38 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-14 08:38 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-14 08:38 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-14 08:38 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-14 08:38 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-14 08:38 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-14 08:38 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 08:38 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-14 08:38 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-14 08:38 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-14 08:38 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-14 08:38 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-14 08:38 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-14 08:38 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-14 08:38 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-14 08:38 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-14 08:38 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-14 08:38 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-14 08:38 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-14 08:38 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-14 08:38 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-14 08:38 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-14 08:38 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-14 08:38 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-14 08:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 08:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-14 08:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:38 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 08:38 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 08:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 08:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 08:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 08:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 21:42 - 2014-08-12 21:43 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 19:39 - 2014-08-12 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 16:42 - 2014-09-08 16:11 - 00026618 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-08 16:42 - 2014-09-08 16:10 - 00000000 ____D () C:\FRST
2014-09-08 16:41 - 2014-09-08 16:39 - 00000476 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:39 - 2011-06-12 20:35 - 00000000 ____D () C:\Users\*****
2014-09-08 16:37 - 2014-09-08 16:37 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-08 16:34 - 2014-09-08 16:34 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-08 16:25 - 2011-08-19 14:39 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 16:14 - 2014-09-08 16:13 - 00042945 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-08 16:10 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:10 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 16:07 - 2014-09-08 16:07 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-08 15:21 - 2014-04-27 16:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\UK's Kalender
2014-09-08 12:25 - 2011-08-19 14:39 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 11:52 - 2013-11-16 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\Users\*****\Documents\MailStore Home
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\ProgramData\firebird
2014-09-08 10:19 - 2010-05-20 04:39 - 01921179 _____ () C:\windows\WindowsUpdate.log
2014-09-08 08:40 - 2014-08-24 10:17 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Seventh
2014-09-08 08:40 - 2011-06-12 20:35 - 09385608 _____ () C:\FaceProv.log
2014-09-08 08:39 - 2014-09-08 08:39 - 00000056 _____ () C:\windows\setupact.log
2014-09-08 08:39 - 2014-09-08 08:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-08 08:39 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-07 22:49 - 2014-09-07 15:01 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 22:48 - 2014-09-07 20:29 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:37 - 2014-09-07 20:30 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 20:28 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 16:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 15:02 - 2012-10-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00001034 _____ () C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Spyware Terminator
2014-09-07 15:01 - 2014-09-07 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-07 13:25 - 2013-07-17 11:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 13:05 - 2014-03-20 11:44 - 00014169 _____ () C:\Users\*****\Desktop\hijackthis.log
2014-09-04 09:33 - 2013-08-02 20:04 - 00000000 ____D () C:\Program Files (x86)\Wisterer HX
2014-09-04 09:32 - 2013-08-02 20:04 - 00000000 ____D () C:\Users\*****\Documents\Wisterer HX
2014-09-03 13:32 - 2014-02-19 18:34 - 00000000 ____D () C:\Program Files (x86)\Steuer 2013
2014-09-03 13:32 - 2012-03-04 19:11 - 00000722 _____ () C:\windows\wiso.ini
2014-09-03 13:32 - 2012-03-04 18:30 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-09-03 13:08 - 2010-05-19 20:24 - 00703192 _____ () C:\windows\system32\perfh007.dat
2014-09-03 13:08 - 2010-05-19 20:24 - 00150800 _____ () C:\windows\system32\perfc007.dat
2014-09-03 13:08 - 2009-07-14 07:13 - 01629284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-02 23:23 - 2014-09-02 23:18 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 23:12 - 2012-08-21 17:10 - 00000000 ____D () C:\Users\*****\Tracing
2014-09-02 23:12 - 2011-09-17 11:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TeamViewer
2014-09-02 23:12 - 2011-07-30 23:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\PhotoScape
2014-09-02 23:11 - 2012-11-28 16:42 - 00000000 ____D () C:\windows\Minidump
2014-09-02 23:11 - 2009-07-29 09:00 - 00000000 ____D () C:\windows\Panther
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:22 - 2014-09-02 18:21 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-29 19:34 - 2012-08-22 16:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\7-PDFSplitMerge
2014-08-29 07:25 - 2009-07-14 06:45 - 00443528 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 11:57 - 2012-03-29 08:26 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-27 11:57 - 2011-06-13 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-25 13:34 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Snz
2014-08-25 09:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-24 18:35 - 2012-12-29 19:31 - 00000000 ____D () C:\Program Files\IKom
2014-08-24 15:12 - 2012-07-25 19:19 - 00000000 ____D () C:\A1-Faktura
2014-08-23 04:07 - 2014-08-28 07:43 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:43 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:43 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Sixth
2014-08-21 08:45 - 2014-08-21 08:45 - 00000000 ____D () C:\Users\*****\AppData\Local\simple_new_tab
2014-08-21 08:45 - 2013-08-02 13:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DataMgr
2014-08-21 08:44 - 2013-08-02 13:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SCheck
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-20 16:43 - 2013-04-08 18:12 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-08-20 16:39 - 2011-06-12 22:37 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-19 19:06 - 2014-08-17 15:47 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:13 - 2014-08-17 15:11 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-16 08:41 - 2014-05-10 14:48 - 00001929 _____ () C:\Users\Public\Desktop\G DATA ANTIVIRUS.lnk
2014-08-16 08:41 - 2011-06-12 22:43 - 00064000 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd64.sys
2014-08-16 08:40 - 2011-06-12 22:43 - 00142336 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-08-15 09:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 22:38 - 2013-08-15 22:20 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 22:32 - 2011-06-16 07:41 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 22:25 - 2014-05-01 00:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-12 21:43 - 2014-08-12 21:42 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 21:37 - 2014-08-12 19:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe
2014-08-09 15:41 - 2012-08-18 11:51 - 00007667 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:15

==================== End Of Log ============================
--- --- ---

--- --- ---
__________________
Alt 08.09.2014, 21:22   #4
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


[CODE]
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by ***** at 2014-09-08 16:13:09
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Printer 7.2.0.1306 (HKLM\...\7-PDF Printer_is1) (Version: 7.2.0.1306 - 7-PDF, Germany - Th. Hodes)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A1-Faktura 1.429 (HKLM-x32\...\A1-Faktura_is1) (Version:  - A1-Faktura)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Artweaver Free 3.0 (HKLM-x32\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.0 - Boris Eyrich Software)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Brother MFL-Pro Suite DCP-150C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{157F58B7-9109-406C-B0FE-C511F06FBF2E}) (Version: 0.8.11 - Kovid Goyal)
Cartoonist 1.3 (HKLM-x32\...\Cartoonist_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
CSV-Import 3.9 (HKLM-x32\...\CSV-Import_is1) (Version:  - tm)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
Duden Korrektor Starterbox 3.51 (HKLM-x32\...\InstallShield_{EB56EDF6-1F3C-4084-A7DA-24A8C3711CB0}) (Version: 1.00.0160 RC3 - Brockhaus)
Duden Korrektor Starterbox 3.51 (x32 Version: 1.00.0160 RC3 - Brockhaus) Hidden
EasyCash&Tax 1.55 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
EasyRide&Tax 1.3 (HKLM-x32\...\EasyRide&Tax_is1) (Version:  - tm)
ECTPlugAnlagenverzeichnis 1.5 (HKLM-x32\...\ECTPlugAnlagenverzeichnis_is1) (Version:  - wolfram)
ECTPlugJavaScriptJournal 1.03 (HKLM-x32\...\ECTPlugJavaScriptJournal_is1) (Version:  - tm)
ECTPlugWolframsJournal 1.03 (HKLM-x32\...\ECTPlugWolframsJournal_is1) (Version:  - wolfram)
Elster-Export 1.10 (HKLM-x32\...\Elster-Export Plugin für EasyCash&Tax_is1) (Version:  - tm)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
English Translator (HKLM-x32\...\English Translator) (Version:  - Translator)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.5 - Astonsoft Ltd)
Fakturama (HKLM-x32\...\Fakturama) (Version: 1.5.0 - sebulli.com)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FireJump (HKLM-x32\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.2.5 - FireJump.net)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.1 - G DATA Software AG)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Gnumeric Spreadsheet 1.12.17-20140610 (HKCU\...\Gnumeric) (Version: 1.12.17-20140610 - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
Haufe iDesk-Browser (HKLM-x32\...\{56FDB311-6511-11DE-832F-0050560400B1}) (Version: 9.06.30.7144 - Haufe)
Haufe iDesk-Service (HKLM-x32\...\{EB5AE940-8E5D-11DE-992A-005056B12123}) (Version: 9.08.21.7460 - Haufe)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ICE Kommunikationsmanager (HKLM-x32\...\IKom) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009F0}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lingoes 2.8.1 (HKLM-x32\...\Lingoes Translator_is1) (Version: 2.8.1 - Lingoes Project)
Luminance HDR 2.2.0 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
MAGIX FunPix Maker 1.0.0.0 (D) (HKLM-x32\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
MonKey Kassenbuch 2012, Version 9.1.2 (HKLM-x32\...\MonKey Kassenbuch 2012_is1) (Version:  - ProSaldo GmbH)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL (HKLM-x32\...\MySQL5) (Version:  - )
ncid.Net 2.14.1.0 (HKLM-x32\...\{0786323B-C2FF-4CA7-9FE1-1B50EEC6D6E8}) (Version: 2.14.1.0 - Gerhard Junker)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Mail 1.0 (HKCU\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.197.0 - Tracker Software Products Ltd.)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Pegasus Mail v4.63 Release 1, Build 325 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version:  - Tech Soft GmbH)
Personal Backup 5.3 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picturenaut 3.2 (HKLM\...\{2FAE878F-C959-4C70-9BEF-F01733D43970}) (Version: 3.2.0.1690 - Marc M.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
QuickSteuer Wissens-Center 2010 (HKLM-x32\...\{EDF80EF9-3903-4DDC-96BC-F7D863E689C4}) (Version: 16.0.1.0 - Haufe Mediengruppe)
Re/3 Import-Plugin 3.5 (HKLM-x32\...\Buchungs Plugin_is1) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler.com)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
UK's Kalender 2.4.2 (HKLM-x32\...\UK's Kalender_is1) (Version:  - Ulrich Krebs)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.1.0226 - Lenovo)
Video Downloader (HKLM-x32\...\Video Downloader) (Version: 1.14 - hxxp://www.vgrabber.com)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
waterMark V2 (HKLM-x32\...\waterMark V2) (Version:  - )
Web Photo Album 1.2 (HKLM-x32\...\Web Photo Album_is1) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zimbra Desktop (HKLM-x32\...\{EF9D9FAD-D31E-493B-9A6B-28D56FE4EB8F}) (Version: 2.0.0 - Zimbra)
ZusammenfassendeMeldung 1.1 (HKLM-x32\...\ZusammenfassendeMeldung_is1) (Version:  - tm)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-08-2014 11:04:03 Geplanter Prüfpunkt
05-08-2014 17:28:53 OpenOffice 4.1.0 wird entfernt
05-08-2014 17:46:33 OpenOffice 4.1.0 wird installiert
06-08-2014 06:07:44 Windows Update
07-08-2014 07:06:03 Installed Java 7 Update 67
14-08-2014 06:18:46 Windows Update
14-08-2014 20:24:01 Windows Update
19-08-2014 07:25:11 Windows Update
20-08-2014 14:41:01 Installed TomTom HOME.
24-08-2014 08:21:01 Windows Update
24-08-2014 08:29:40 Windows Update
28-08-2014 21:13:33 Windows Update
02-09-2014 07:21:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066F2BF1-E96A-47A7-81C6-41A5F9CDEF83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {17321497-609D-4EFB-8EB5-ADA08980CCC8} - System32\Tasks\{04155270-E5C9-41A7-AF9E-7DCF6ADA0129} => E:\SETUP.EXE
Task: {245C8257-99F3-474F-BF08-15A1E617BF5E} - System32\Tasks\{0B031DCB-D7E0-48C7-B4AE-872BFECE82A7} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {256C1FA7-AD4E-400C-9722-5AEE73E30035} - System32\Tasks\{01EEF895-196F-4A54-8E3C-1B26C7336751} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {29414B50-7024-4435-9DC0-80032C9B2E23} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {2E607181-F23F-4211-8D88-7004B22172DB} - System32\Tasks\{4FE2D6B6-4403-4848-92AF-E4AAE7016CD5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {2F99050E-93D4-4620-9188-B4BA4B30E348} - System32\Tasks\{862A53A6-E4C8-45A6-850C-7B322028D98F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {328C46B3-3893-41B1-904A-8F7DABD0218D} - System32\Tasks\{32887CB8-15EC-4CD7-8504-F81DB180EEB8} => E:\SETUP.EXE
Task: {37ED1F1B-B737-4EAC-A653-490780F98F02} - System32\Tasks\{4422E10B-C6CA-4F6D-BFF8-D6189AF01A96} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {39313173-0F7D-4DCF-93BA-CAC9912538B5} - System32\Tasks\{8C774838-BAAE-48BE-9016-446AAF351137} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {458756C5-DEC6-489D-9C83-B32935C3737F} - System32\Tasks\{C7823A1B-7A07-4F97-AF69-E2A7BE6F14AE} => E:\SETUP.EXE
Task: {48363D53-CE1B-47A1-BE51-B90454F2E840} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {5039E153-1C24-4F5C-A84F-C59969879EB3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {687BDDB5-7460-4ED2-887F-59DFB6A35303} - System32\Tasks\{0D2D28F1-0A82-4BF0-A0FD-37312C8ABA5E} => E:\SETUP.EXE
Task: {6A6804BE-94DA-40FD-AC85-B93223391828} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {713ECB1E-55C1-4F6E-B9FD-5454890B70E1} - System32\Tasks\{166CEC53-9FFF-4034-9DD3-9439F774AFA7} => E:\SETUP.EXE
Task: {90DE6611-24ED-48BD-9422-608E95E4A543} - System32\Tasks\{6F0C7DFF-1EAA-4DCA-90F2-78AF0754A53E} => E:\SETUP.EXE
Task: {974EB9F6-C9B8-4083-A0F0-108DE78224FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {98F3C491-228A-423B-AF59-4E3E49270733} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {9C07A631-9B12-4365-924B-3038DEB70137} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {A31AA768-B9AA-4055-8104-8242404AFC54} - System32\Tasks\{C649BD2A-DF6B-40C3-8B7D-EF259EB3E394} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {B0C65F50-9083-4AD5-AE6D-242215AC1175} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {B0F3C637-0B45-4F40-9C1F-A43AF9A1DE58} - System32\Tasks\{A714B297-6F59-43EF-857F-0859983944D2} => E:\SETUP.EXE
Task: {B3AEE9F0-0A92-4BA4-AB83-1F4FBD420E19} - System32\Tasks\{44C5079F-B6EC-40DE-9B61-8AD082B9059C} => E:\SETUP.EXE
Task: {CF44C833-D4B8-4896-A9E9-554271F4925F} - System32\Tasks\{F1231D4F-3442-4036-AAF9-956E6275E6F1} => E:\SETUP.EXE
Task: {DAF9529E-F5C8-4C5C-8152-E8C8F9638068} - System32\Tasks\{12FC0358-645F-4666-B06B-2A68997E37C5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {DE684AE1-A48E-4E54-8909-7C2AA5540FE7} - System32\Tasks\{BCE3A580-1E1D-49AC-87AD-D4B03F4F24C2} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {F6983E5E-BACF-4F00-80E5-83E5ECF46F37} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F8EB29E6-8CB7-4815-9F2E-C603D4DEBFE7} - System32\Tasks\{F69E41E9-2CFD-426E-8849-28DFE5EBF25F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-25 09:14 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-06-13 14:48 - 2010-06-17 21:56 - 00087040 _____ () C:\windows\System32\redmonnt.dll
2012-12-29 19:31 - 2012-12-29 19:31 - 04493312 _____ () C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe
2010-05-20 05:13 - 2009-12-19 04:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-05-20 05:13 - 2009-12-19 04:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-05-20 05:15 - 2010-05-20 05:15 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-05-20 05:28 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-05-20 05:28 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-05-20 05:13 - 2009-12-19 04:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2010-05-20 05:13 - 2009-12-19 04:53 - 00120224 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WMCEvent.dll
2013-07-17 11:07 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-17 11:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-17 11:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-05-20 05:13 - 2009-12-19 04:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-05-20 05:13 - 2009-12-19 04:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-31 15:24 - 2012-05-31 15:24 - 00501760 ____R () C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
2012-06-01 08:44 - 2012-06-01 08:44 - 00159744 ____R () C:\Program Files (x86)\ncid.Net\ikpflac.dll
2011-06-20 07:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-05-20 04:44 - 2009-12-23 19:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\2012_09_10_23_30 WEB.DE Statusreport - Ãœbersicht Ihrer Ordner.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_23_19_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_26_20_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_07_00 jomondo hat neue Angebote.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_21_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_10_02_22_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_11_10_21_29 testfilmbibpräsi.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Radio.fx => 2
MSCONFIG\startupreg: OMESupervisor => C:\Users\*****\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: rfxsrvtray => "D:\Tobit Radio.fx\Client\rfx-tray.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 11:33:40 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/08/2014 11:32:27 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/08/2014 11:30:08 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/08/2014 11:30:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2014 09:52:12 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/08/2014 09:49:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/08/2014 09:49:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/07/2014 10:07:41 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/07/2014 10:06:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/07/2014 10:05:11 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (09/08/2014 03:48:08 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/08/2014 02:57:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/08/2014 01:47:55 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/08/2014 10:50:30 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/08/2014 08:47:18 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/08/2014 08:44:17 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/08/2014 08:43:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/08/2014 08:41:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen

Error: (09/08/2014 08:40:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/08/2014 08:40:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.


Microsoft Office Sessions:
=========================
Error: (09/08/2014 11:33:40 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (09/08/2014 11:32:27 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/08/2014 11:30:08 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (09/08/2014 11:30:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/08/2014 09:52:12 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/08/2014 09:49:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (09/08/2014 09:49:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/07/2014 10:07:41 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (09/07/2014 10:06:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/07/2014 10:05:11 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 59%
Total physical RAM: 1974.85 MB
Available physical RAM: 802.57 MB
Total Pagefile: 3949.7 MB
Available Pagefile: 1474.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:173.59 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS
Drive g: (HDD) (Fixed) (Total:118.3 GB) (Free:66.74 GB) NTFS
Drive h: (Volume) (Fixed) (Total:170.9 GB) (Free:123.61 GB) NTFS
Drive i: (Volume) (Fixed) (Total:176.56 GB) (Free:43.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7E9D1089)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=118.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=170.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=176.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---


Hier fehlte noch die Addition.txt -

Vielen Dank.

perseiden
Geändert von perseiden (08.09.2014 um 21:21 Uhr)

Alt 09.09.2014, 20:42   #5
schrauber
/// the machine
/// TB-Ausbilder
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.09.2014, 23:22   #6
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Hallo schrauber,

danke für deine Hilfe.

Heute abend habe ich schonmal Malwarebytes durchgeführt und er zeigte einiges an. Habe es dann bereinigen lassen und auf exportieren, dabei hing sich das Programm auf. In den Protokollen ist der Suchlauf in der Übersicht allerdings vorhanden, sobald ich diese Datei exportieren möchte, kommt Meldung: Malwarebytes funktioniert nicht mehr - usw.

Anschließend habe ich AdwCleaner gestartet und infiziertes löschen lassen. Danach startete ich JRT und habe das logfile gespeiche

Jetzt habe ich mit Malwarebytes nochmal den Hyperdurchlauf gestartet, das funktionierte ohne Problem und es wurde nichts mehr gefunden sowie eine neue FRST-log erstellt.

Nochmals Danke für die Unterstützung und hier die files:

mbam.txt

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.09.2014
Suchlauf-Zeit: 23:25:05
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.09.06
Rootkit Datenbank: v2014.08.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Hyper-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 262221
Verstrichene Zeit: 3 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Deaktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
AdwCleaner[S0].txt

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.309 - Bericht erstellt am 09/09/2014 um 21:43:07
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Downloads\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Windows Genuine Advantage
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\vGrabber-software
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit
Ordner Gelöscht : C:\Users\*****\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Seventh
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Sixth
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Snz
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Tobit
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Smartbar
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\extension@preispilot.com.xpi
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\snt@dotlabs.co.xpi
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\foxydeal.sqlite
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\fbdownloader_search.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\user.js
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [extension@preispilot.com]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [Tubesaver@istqt.co]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Seventh]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_topowin_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_topowin_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\OfferMosquito
Schlüssel Gelöscht : HKCU\Software\Protector
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TubeSaver
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0 (x86 de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "FBDownloader Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "FBDownloader Search");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.fbdownloader.com/search.php?channel=sfit204fbdgy11&q=");
Zeile gelöscht : user_pref("simplenewtab.url", "hxxp://wisersearch.com/?channel=de_nt");

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8547 octets] - [09/09/2014 21:36:01]
AdwCleaner[S0].txt - [7746 octets] - [09/09/2014 21:43:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7806 octets] ##########
--- --- ---


Die JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by  on 09.09.2014 at 21:53:51,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-33822123-237600497-3884583694-1004\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0557E17D-5D4A-4EE5-B630-BC1201A9E9BF}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\\AppData\Roaming\mozilla\firefox\profiles\meq50ppt.default\minidumps [16 files]
Emptied folder: C:\Users\\AppData\Roaming\mozilla\firefox\profiles\469cn0kq.Standard-Benutzer\minidumps [393 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.09.2014 at 22:10:31,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und hier FRST.txt

Code:
ATTFilter

FRST Logfile:

FRST Logfile:


	
Code: 

 
ATTFilter


  

	
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by ***** (administrator) on *****-PC on 09-09-2014 23:01:30
Running from C:\Users\*****\Desktop\Trojaner entfernen-Programme
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\IKom\MYSQL\bin\mysqld-nt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Gerhard Junker) C:\Program Files (x86)\ncid.Net\ncid.Net.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Ulrich Krebs) C:\Program Files (x86)\Kalender\Kalender.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2009-09-15] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe,
HKU\.DEFAULT\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [ncid.Net] => C:\Program Files (x86)\ncid.Net\ncid.Net.exe [2248192 2013-11-11] (Gerhard Junker)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Kalender] => C:\Program Files (x86)\Kalender\Kalender.exe [991232 2014-02-22] (Ulrich Krebs)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-twncid-gui.bat.lnk
ShortcutTarget: start-twncid-gui.bat.lnk -> C:\TWNcid\start-twncid-gui.bat (No File)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk /r \??\H:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {3A32F94D-F172-42F1-B448-87128D6A3ED1} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87D65010-5005-4955-A218-FEE8589A50BA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9B3E6316-1C2E-4928-AE88-8B695931D47D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A6E92902-D674-4B10-8707-29C6983680B2} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CAE14CD4-A99D-4D4D-8774-1C41690D4B9D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {F7810828-398E-4515-AF23-F71B4C4209D9} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer
FF SearchEngineOrder.1: Google
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{06AC9F7F-4180-4EA3-8542-83DE26507725}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{3F8E1834-7B54-450B-8167-50EC569A5AA2}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{87A67C4C-0C7D-456B-97D0-5291334E8CB9}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{51C2B004-B2D4-44D5-A763-9A1A79A79E88}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{C34FEE3A-91E8-4F14-88FD-5A6C5712A668}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{D21269EA-B86F-496F-A06F-BD6F11935C62}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-08-08]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: SPARWELT Gutscheinalarm - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ciuvo-extension@sparwelt.de.xpi [2013-01-26]
FF Extension: NO Google Analytics - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2013-03-13]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-08-06]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MySQL5; C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe [4493312 2012-12-29] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-09] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-09] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [142336 2014-08-16] (G Data Software AG)
S3 GdNetMon; C:\windows\system32\drivers\GdNetMon64.sys [31448 2011-06-12] (G Data Software AG)
S3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64000 2014-07-09] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-08-16] (G Data Software AG)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-07-15] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [61440 2014-07-09] (G Data Software AG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:10 - 2014-09-09 22:10 - 00001351 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-09 21:53 - 2014-09-09 21:53 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 21:52 - 2014-09-09 21:52 - 01016261 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-09-09 21:35 - 2014-09-09 21:49 - 00000000 ____D () C:\AdwCleaner
2014-09-09 21:34 - 2014-09-09 21:34 - 01370483 _____ () C:\Users\*****\Downloads\adwcleaner_3.309.exe
2014-09-09 21:26 - 2014-09-09 21:45 - 00008138 _____ () C:\windows\PFRO.log
2014-09-09 20:29 - 2014-09-09 21:45 - 00000168 _____ () C:\windows\setupact.log
2014-09-09 20:29 - 2014-09-09 20:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-08 18:10 - 2014-09-09 22:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 18:09 - 2014-09-08 18:09 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-08 18:09 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-08 18:09 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-08 18:05 - 2014-09-08 18:06 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00001046 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-08 18:01 - 2014-09-08 18:01 - 01101648 _____ () C:\Users\*****\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-08 17:04 - 2014-09-09 23:01 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner entfernen-Programme
2014-09-08 17:03 - 2014-09-09 22:59 - 00000000 ____D () C:\Users\*****\Desktop\Log-Dateien
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:10 - 2014-09-09 23:01 - 00000000 ____D () C:\FRST
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 20:30 - 2014-09-07 20:37 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 22:48 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:28 - 2014-09-07 20:29 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 16:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-02 23:18 - 2014-09-02 23:23 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:21 - 2014-09-02 18:22 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-28 07:43 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 07:43 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 07:43 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-24 10:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-24 10:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-24 10:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-24 10:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-24 10:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-24 10:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:47 - 2014-08-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:11 - 2014-08-17 15:13 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-14 22:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 22:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 22:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 22:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-14 08:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 08:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 08:39 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 08:38 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-14 08:38 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-14 08:38 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-14 08:38 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-14 08:38 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-14 08:38 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-14 08:38 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-14 08:38 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-14 08:38 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-14 08:38 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-14 08:38 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-14 08:38 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-14 08:38 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-14 08:38 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-14 08:38 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-14 08:38 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-14 08:38 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-14 08:38 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-14 08:38 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-14 08:38 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-14 08:38 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-14 08:38 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-14 08:38 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-14 08:38 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-14 08:38 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-14 08:38 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 08:38 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-14 08:38 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-14 08:38 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-14 08:38 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-14 08:38 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-14 08:38 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-14 08:38 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-14 08:38 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-14 08:38 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-14 08:38 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-14 08:38 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-14 08:38 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-14 08:38 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 08:38 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-14 08:38 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-14 08:38 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-14 08:38 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-14 08:38 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-14 08:38 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-14 08:38 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-14 08:38 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-14 08:38 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-14 08:38 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-14 08:38 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-14 08:38 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-14 08:38 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-14 08:38 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-14 08:38 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-14 08:38 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-14 08:38 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-14 08:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 08:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-14 08:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:38 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 08:38 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 08:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 08:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-14 08:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 08:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 21:42 - 2014-08-12 21:43 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 19:39 - 2014-08-12 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 23:01 - 2014-09-08 17:04 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner entfernen-Programme
2014-09-09 23:01 - 2014-09-08 16:10 - 00000000 ____D () C:\FRST
2014-09-09 22:59 - 2014-09-08 17:03 - 00000000 ____D () C:\Users\*****\Desktop\Log-Dateien
2014-09-09 22:36 - 2014-09-08 18:10 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-09 22:25 - 2011-08-19 14:39 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 22:10 - 2014-09-09 22:10 - 00001351 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-09 21:53 - 2014-09-09 21:53 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 21:53 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 21:53 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 21:52 - 2014-09-09 21:52 - 01016261 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-09-09 21:50 - 2010-05-20 04:39 - 01989939 _____ () C:\windows\WindowsUpdate.log
2014-09-09 21:49 - 2014-09-09 21:35 - 00000000 ____D () C:\AdwCleaner
2014-09-09 21:45 - 2014-09-09 21:26 - 00008138 _____ () C:\windows\PFRO.log
2014-09-09 21:45 - 2014-09-09 20:29 - 00000168 _____ () C:\windows\setupact.log
2014-09-09 21:45 - 2011-08-19 14:39 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 21:45 - 2011-06-12 20:35 - 09429326 _____ () C:\FaceProv.log
2014-09-09 21:45 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-09 21:45 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-09 21:43 - 2013-08-02 13:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Common
2014-09-09 21:34 - 2014-09-09 21:34 - 01370483 _____ () C:\Users\*****\Downloads\adwcleaner_3.309.exe
2014-09-09 20:29 - 2014-09-09 20:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-09 20:18 - 2012-11-28 16:42 - 00000000 ____D () C:\windows\Minidump
2014-09-09 11:29 - 2009-07-14 06:45 - 00447920 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-08 18:39 - 2011-06-12 20:35 - 00119704 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 18:09 - 2014-09-08 18:09 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 18:06 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00001046 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-08 18:01 - 2014-09-08 18:01 - 01101648 _____ () C:\Users\*****\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-08 17:18 - 2013-11-16 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:39 - 2011-06-12 20:35 - 00000000 ____D () C:\Users\*****
2014-09-08 15:21 - 2014-04-27 16:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\UK's Kalender
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\Users\*****\Documents\MailStore Home
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\ProgramData\firebird
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 22:48 - 2014-09-07 20:29 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:37 - 2014-09-07 20:30 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 20:28 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 16:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-07 13:25 - 2013-07-17 11:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 13:05 - 2014-03-20 11:44 - 00014169 _____ () C:\Users\*****\Desktop\hijackthis.log
2014-09-04 09:33 - 2013-08-02 20:04 - 00000000 ____D () C:\Program Files (x86)\Wisterer HX
2014-09-04 09:32 - 2013-08-02 20:04 - 00000000 ____D () C:\Users\*****\Documents\Wisterer HX
2014-09-03 13:32 - 2014-02-19 18:34 - 00000000 ____D () C:\Program Files (x86)\Steuer 2013
2014-09-03 13:32 - 2012-03-04 19:11 - 00000722 _____ () C:\windows\wiso.ini
2014-09-03 13:32 - 2012-03-04 18:30 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-09-03 13:08 - 2010-05-19 20:24 - 00703192 _____ () C:\windows\system32\perfh007.dat
2014-09-03 13:08 - 2010-05-19 20:24 - 00150800 _____ () C:\windows\system32\perfc007.dat
2014-09-03 13:08 - 2009-07-14 07:13 - 01629284 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-02 23:23 - 2014-09-02 23:18 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 23:12 - 2012-08-21 17:10 - 00000000 ____D () C:\Users\*****\Tracing
2014-09-02 23:12 - 2011-09-17 11:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TeamViewer
2014-09-02 23:12 - 2011-07-30 23:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\PhotoScape
2014-09-02 23:11 - 2009-07-29 09:00 - 00000000 ____D () C:\windows\Panther
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:22 - 2014-09-02 18:21 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-29 19:34 - 2012-08-22 16:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\7-PDFSplitMerge
2014-08-27 11:57 - 2012-03-29 08:26 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-27 11:57 - 2011-06-13 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-25 09:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-24 18:35 - 2012-12-29 19:31 - 00000000 ____D () C:\Program Files\IKom
2014-08-24 15:12 - 2012-07-25 19:19 - 00000000 ____D () C:\A1-Faktura
2014-08-23 04:07 - 2014-08-28 07:43 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:43 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:43 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-20 16:43 - 2013-04-08 18:12 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-08-20 16:39 - 2011-06-12 22:37 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-19 19:06 - 2014-08-17 15:47 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:13 - 2014-08-17 15:11 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-16 08:41 - 2014-05-10 14:48 - 00001929 _____ () C:\Users\Public\Desktop\G DATA ANTIVIRUS.lnk
2014-08-16 08:41 - 2011-06-12 22:43 - 00064000 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd64.sys
2014-08-16 08:40 - 2011-06-12 22:43 - 00142336 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-08-15 09:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 22:38 - 2013-08-15 22:20 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 22:32 - 2011-06-16 07:41 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 22:25 - 2014-05-01 00:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-12 21:43 - 2014-08-12 21:42 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 21:37 - 2014-08-12 19:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:15

==================== End Of Log ============================
         
 
--- --- ---

--- --- ---
und hier noch die Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by ***** at 2014-09-09 23:02:26
Running from C:\Users\*****\Desktop\Trojaner entfernen-Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Printer 7.2.0.1306 (HKLM\...\7-PDF Printer_is1) (Version: 7.2.0.1306 - 7-PDF, Germany - Th. Hodes)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A1-Faktura 1.429 (HKLM-x32\...\A1-Faktura_is1) (Version:  - A1-Faktura)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Artweaver Free 3.0 (HKLM-x32\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.0 - Boris Eyrich Software)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Brother MFL-Pro Suite DCP-150C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{157F58B7-9109-406C-B0FE-C511F06FBF2E}) (Version: 0.8.11 - Kovid Goyal)
Cartoonist 1.3 (HKLM-x32\...\Cartoonist_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.31 - Abelssoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
CSV-Import 3.9 (HKLM-x32\...\CSV-Import_is1) (Version:  - tm)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
Duden Korrektor Starterbox 3.51 (HKLM-x32\...\InstallShield_{EB56EDF6-1F3C-4084-A7DA-24A8C3711CB0}) (Version: 1.00.0160 RC3 - Brockhaus)
Duden Korrektor Starterbox 3.51 (x32 Version: 1.00.0160 RC3 - Brockhaus) Hidden
EasyCash&Tax 1.55 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
EasyRide&Tax 1.3 (HKLM-x32\...\EasyRide&Tax_is1) (Version:  - tm)
ECTPlugAnlagenverzeichnis 1.5 (HKLM-x32\...\ECTPlugAnlagenverzeichnis_is1) (Version:  - wolfram)
ECTPlugJavaScriptJournal 1.03 (HKLM-x32\...\ECTPlugJavaScriptJournal_is1) (Version:  - tm)
ECTPlugWolframsJournal 1.03 (HKLM-x32\...\ECTPlugWolframsJournal_is1) (Version:  - wolfram)
Elster-Export 1.10 (HKLM-x32\...\Elster-Export Plugin für EasyCash&Tax_is1) (Version:  - tm)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
English Translator (HKLM-x32\...\English Translator) (Version:  - Translator)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.5 - Astonsoft Ltd)
Fakturama (HKLM-x32\...\Fakturama) (Version: 1.5.0 - sebulli.com)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.1 - G DATA Software AG)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Gnumeric Spreadsheet 1.12.17-20140610 (HKCU\...\Gnumeric) (Version: 1.12.17-20140610 - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
Haufe iDesk-Browser (HKLM-x32\...\{56FDB311-6511-11DE-832F-0050560400B1}) (Version: 9.06.30.7144 - Haufe)
Haufe iDesk-Service (HKLM-x32\...\{EB5AE940-8E5D-11DE-992A-005056B12123}) (Version: 9.08.21.7460 - Haufe)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ICE Kommunikationsmanager (HKLM-x32\...\IKom) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009F0}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lingoes 2.8.1 (HKLM-x32\...\Lingoes Translator_is1) (Version: 2.8.1 - Lingoes Project)
Luminance HDR 2.2.0 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
MAGIX FunPix Maker 1.0.0.0 (D) (HKLM-x32\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
MonKey Kassenbuch 2012, Version 9.1.2 (HKLM-x32\...\MonKey Kassenbuch 2012_is1) (Version:  - ProSaldo GmbH)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL (HKLM-x32\...\MySQL5) (Version:  - )
ncid.Net 2.14.1.0 (HKLM-x32\...\{0786323B-C2FF-4CA7-9FE1-1B50EEC6D6E8}) (Version: 2.14.1.0 - Gerhard Junker)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Mail 1.0 (HKCU\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.197.0 - Tracker Software Products Ltd.)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Pegasus Mail v4.63 Release 1, Build 325 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version:  - Tech Soft GmbH)
Personal Backup 5.3 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picturenaut 3.2 (HKLM\...\{2FAE878F-C959-4C70-9BEF-F01733D43970}) (Version: 3.2.0.1690 - Marc M.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
QuickSteuer Wissens-Center 2010 (HKLM-x32\...\{EDF80EF9-3903-4DDC-96BC-F7D863E689C4}) (Version: 16.0.1.0 - Haufe Mediengruppe)
Re/3 Import-Plugin 3.5 (HKLM-x32\...\Buchungs Plugin_is1) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
UK's Kalender 2.4.2 (HKLM-x32\...\UK's Kalender_is1) (Version:  - Ulrich Krebs)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.1.0226 - Lenovo)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
waterMark V2 (HKLM-x32\...\waterMark V2) (Version:  - )
Web Photo Album 1.2 (HKLM-x32\...\Web Photo Album_is1) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zimbra Desktop (HKLM-x32\...\{EF9D9FAD-D31E-493B-9A6B-28D56FE4EB8F}) (Version: 2.0.0 - Zimbra)
ZusammenfassendeMeldung 1.1 (HKLM-x32\...\ZusammenfassendeMeldung_is1) (Version:  - tm)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-08-2014 06:18:46 Windows Update
14-08-2014 20:24:01 Windows Update
19-08-2014 07:25:11 Windows Update
20-08-2014 14:41:01 Installed TomTom HOME.
24-08-2014 08:21:01 Windows Update
24-08-2014 08:29:40 Windows Update
28-08-2014 21:13:33 Windows Update
02-09-2014 07:21:21 Windows Update
09-09-2014 09:39:34 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066F2BF1-E96A-47A7-81C6-41A5F9CDEF83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {17321497-609D-4EFB-8EB5-ADA08980CCC8} - System32\Tasks\{04155270-E5C9-41A7-AF9E-7DCF6ADA0129} => E:\SETUP.EXE
Task: {245C8257-99F3-474F-BF08-15A1E617BF5E} - System32\Tasks\{0B031DCB-D7E0-48C7-B4AE-872BFECE82A7} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {256C1FA7-AD4E-400C-9722-5AEE73E30035} - System32\Tasks\{01EEF895-196F-4A54-8E3C-1B26C7336751} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {29414B50-7024-4435-9DC0-80032C9B2E23} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {2E607181-F23F-4211-8D88-7004B22172DB} - System32\Tasks\{4FE2D6B6-4403-4848-92AF-E4AAE7016CD5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {2F99050E-93D4-4620-9188-B4BA4B30E348} - System32\Tasks\{862A53A6-E4C8-45A6-850C-7B322028D98F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {328C46B3-3893-41B1-904A-8F7DABD0218D} - System32\Tasks\{32887CB8-15EC-4CD7-8504-F81DB180EEB8} => E:\SETUP.EXE
Task: {37ED1F1B-B737-4EAC-A653-490780F98F02} - System32\Tasks\{4422E10B-C6CA-4F6D-BFF8-D6189AF01A96} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {39313173-0F7D-4DCF-93BA-CAC9912538B5} - System32\Tasks\{8C774838-BAAE-48BE-9016-446AAF351137} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {458756C5-DEC6-489D-9C83-B32935C3737F} - System32\Tasks\{C7823A1B-7A07-4F97-AF69-E2A7BE6F14AE} => E:\SETUP.EXE
Task: {48363D53-CE1B-47A1-BE51-B90454F2E840} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4A87E9BB-5488-49CB-91B1-BE0012D42AD3} - System32\Tasks\Abelssoft\Updater scan => C:\PROGRAM FILES (X86)\CHIP UPDATER\CHIPUPDATER.EXE [2014-09-02] (CHIP)
Task: {5039E153-1C24-4F5C-A84F-C59969879EB3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {687BDDB5-7460-4ED2-887F-59DFB6A35303} - System32\Tasks\{0D2D28F1-0A82-4BF0-A0FD-37312C8ABA5E} => E:\SETUP.EXE
Task: {6A6804BE-94DA-40FD-AC85-B93223391828} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {713ECB1E-55C1-4F6E-B9FD-5454890B70E1} - System32\Tasks\{166CEC53-9FFF-4034-9DD3-9439F774AFA7} => E:\SETUP.EXE
Task: {90DE6611-24ED-48BD-9422-608E95E4A543} - System32\Tasks\{6F0C7DFF-1EAA-4DCA-90F2-78AF0754A53E} => E:\SETUP.EXE
Task: {974EB9F6-C9B8-4083-A0F0-108DE78224FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {98F3C491-228A-423B-AF59-4E3E49270733} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9C07A631-9B12-4365-924B-3038DEB70137} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {A31AA768-B9AA-4055-8104-8242404AFC54} - System32\Tasks\{C649BD2A-DF6B-40C3-8B7D-EF259EB3E394} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {B0C65F50-9083-4AD5-AE6D-242215AC1175} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {B0F3C637-0B45-4F40-9C1F-A43AF9A1DE58} - System32\Tasks\{A714B297-6F59-43EF-857F-0859983944D2} => E:\SETUP.EXE
Task: {B3AEE9F0-0A92-4BA4-AB83-1F4FBD420E19} - System32\Tasks\{44C5079F-B6EC-40DE-9B61-8AD082B9059C} => E:\SETUP.EXE
Task: {CF44C833-D4B8-4896-A9E9-554271F4925F} - System32\Tasks\{F1231D4F-3442-4036-AAF9-956E6275E6F1} => E:\SETUP.EXE
Task: {DAF9529E-F5C8-4C5C-8152-E8C8F9638068} - System32\Tasks\{12FC0358-645F-4666-B06B-2A68997E37C5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {DE684AE1-A48E-4E54-8909-7C2AA5540FE7} - System32\Tasks\{BCE3A580-1E1D-49AC-87AD-D4B03F4F24C2} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {F6983E5E-BACF-4F00-80E5-83E5ECF46F37} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F8EB29E6-8CB7-4815-9F2E-C603D4DEBFE7} - System32\Tasks\{F69E41E9-2CFD-426E-8849-28DFE5EBF25F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-25 09:14 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-06-13 14:48 - 2010-06-17 21:56 - 00087040 _____ () C:\windows\System32\redmonnt.dll
2012-12-29 19:31 - 2012-12-29 19:31 - 04493312 _____ () C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe
2010-05-20 05:13 - 2009-12-19 04:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-05-20 05:13 - 2009-12-19 04:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-05-20 05:28 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-05-20 05:13 - 2009-12-19 04:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2010-05-20 05:15 - 2010-05-20 05:15 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-07-17 11:07 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-17 11:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-17 11:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-05-20 05:13 - 2009-12-19 04:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-05-20 05:13 - 2009-12-19 04:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-31 15:24 - 2012-05-31 15:24 - 00501760 ____R () C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
2012-06-01 08:44 - 2012-06-01 08:44 - 00159744 ____R () C:\Program Files (x86)\ncid.Net\ikpflac.dll
2011-06-20 07:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-05-20 04:44 - 2009-12-23 19:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\2012_09_10_23_30 WEB.DE Statusreport - Ãœbersicht Ihrer Ordner.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_23_19_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_26_20_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_07_00 jomondo hat neue Angebote.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_21_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_10_02_22_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_11_10_21_29 testfilmbibpräsi.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Radio.fx => 2
MSCONFIG\startupreg: OMESupervisor => C:\Users\*****\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: rfxsrvtray => "D:\Tobit Radio.fx\Client\rfx-tray.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 10:33:14 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/09/2014 10:32:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/09/2014 10:30:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/09/2014 10:30:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/09/2014 10:33:14 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (09/09/2014 10:32:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/09/2014 10:30:08 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (09/09/2014 10:30:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 66%
Total physical RAM: 1974.85 MB
Available physical RAM: 655.64 MB
Total Pagefile: 3949.7 MB
Available Pagefile: 1748.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:174.26 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS
Drive g: (HDD) (Fixed) (Total:118.3 GB) (Free:66.75 GB) NTFS
Drive h: (Volume) (Fixed) (Total:170.9 GB) (Free:123.61 GB) NTFS
Drive i: (Volume) (Fixed) (Total:176.56 GB) (Free:43.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7E9D1089)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=118.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=170.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=176.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Das ist ja eine ganze Menge und morgen ist auch noch ein Tag, deshalb wünsche ich erstmal eine gute Nacht.

Viele Grüße
perseiden

Alt 10.09.2014, 17:35   #7
schrauber
/// the machine
/// TB-Ausbilder
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.09.2014, 21:07   #8
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Guten Abend "schrauber",

das sieht wohl nicht gut aus und hat ganz schön Arbeit gemacht ;-).
Ich hoffe nur das Du mir helfen kannst. Und nun die gewünschte Dateien:

1. Eset-log
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bc56a31143d18d4898e3288d3370f726
# engine=20100
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-11 05:19:42
# local_time=2014-09-11 07:19:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162085832 0 0
# scanned=467755
# found=32
# cleaned=0
# scan_time=37454
sh=AAD6F1CAA5C35AEEFCFBE646FB5093D2FB559AEC ft=1 fh=2ca4112e4b89bd5a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\ashampoo_burning_studio_elements_10.0.9_8678.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDFCreator-1_2_3_setup.exe"
sh=CB3A78F873E2D501515029985B5213E6DFA53A07 ft=1 fh=0dc4f45713be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\setup_pimero_free-Downloader.exe"
sh=48FD60E5A677BD39B13E0188075E83137005259E ft=1 fh=ff79543ffacc5f95 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDF\PDFCreator-1_2_1_setup.exe"
sh=8E05264386E7A5BB39DF521952AABC76624D493A ft=1 fh=3a6facd612fa631a vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDF\PDFCreator-1_2_2_setup.exe"
sh=563E1B707747F87BD96829B81E92CA1EE04E83FD ft=1 fh=421b349ff9c9cc9b vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\Texterkennung\freeocr422.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Freeware.de\tbFre0.dll"
sh=9BAC64A295EF41E255CAAD650513F44192F15527 ft=1 fh=a743b476095adb23 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\7z465.exe"
sh=13419407FBF6DB96C5107CBA1387898185C5B6E8 ft=1 fh=ff678d7888e6161c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\Format-Factory-DE-2-50.exe"
sh=9B36CFE3F6F67BD682180D7B137B3A0BA991B092 ft=1 fh=e258c51ba23aaec4 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\FreeYouTubeDownload21030.exe"
sh=0CE48DA603A5E7431002CE4ACA1F1546C5D6579E ft=1 fh=a7cab65addc4a365 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\FreeYouTubeToMP3Converter32.exe"
sh=72C6C668EEB4F3070C8190B250BBF714294F7D06 ft=1 fh=77b67014e3a6c765 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\m-s-mp3-manager-11.exe"
sh=83BFD5FEC80193807BC8EFA72D1FBB779F3C0571 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\Download\pcb2000.zip"
sh=294AB91288412DECB27232655ADD82FAF0B1C55D ft=1 fh=dabaed1395cd1d06 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\VeohWebPlayerSetup_eng.exe"
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Conduit\Community Alerts\Alert.dll"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Conduit\Community Alerts\Alert0.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\ConduitEngine\ConduitEngine.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Freeware.de\tbFre0.dll"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Freeware.de\tbFre1.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Freeware.de\tbFree.dll"
sh=7D2F0E5193D0284D053F2469DC40F5AF032D504F ft=1 fh=6bec13335a37d0a2 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\PC-BIO2000\pcbio.exe"
sh=EAB2F8022480CFC154A12E0596B9BA1643AAF3D0 ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\Sicherungen\2-Amilo-Vista-Sicherung\Heruntergeladen\Downloads\bookssetup.exe"
sh=ED40C4209D69901D0B833BC16E0444B7202CE3EC ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\Sicherungen\2-Amilo-Vista-Sicherung\Heruntergeladen\Downloads\Mond.exe"
sh=96BD4273B35E8DF1AC36F10F912026074DE2A2B8 ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\Sicherungen\2-Amilo-Vista-Sicherung\Heruntergeladen\Downloads\zdesktop-7-0-1-b10791-win32.exe"
sh=9063890380C6D901AEDDA17D672EAAFBCF74214C ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 1.zip"
sh=6B846DB0EDA49BA3F2EE497B480E254D9EAE48D3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 14.zip"
sh=F07F910F658EAFBCFD81123CE9D4D319815D916A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 2.zip"
sh=A38F9ED85C4A50FB238B6C1F267B24BA1C0BF93C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 3.zip"
sh=BDB2BF0EFAA19EE19DF836C19DFF40AA66836514 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 4.zip"
sh=D6E734247DB9DFF45F9C15EA8A42B59A571DE564 ft=0 fh=0000000000000000 vn="möglicherweise Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 6.zip"
sh=435B841E263B52ADED0C0AADFD5CE2226778A9DD ft=1 fh=b749b88fedec4e00 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung-130209\Download\zlsSetup_70_483_000_en.exe"
2. SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G DATA ANTIVIRUS   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 HijackThis 2.0.2    
 ECTPlugJavaScriptJournal 1.03    
 Java 7 Update 67  
 Java 7 Update 9  
 Java SE Development Kit 7 Update 45 
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (Firefox.) 
 Mozilla Thunderbird (24.3.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 G Data AntiVirus AVK AVKWCtlX64.exe 
 G Data AntiVirus AVK AVKService.exe 
 G Data AntiVirus AVKTray AVKTray.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
3. FRST-log


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by ***** (administrator) on *****-PC on 11-09-2014 20:20:11
Running from C:\Users\*****\Desktop\Trojaner entfernen-Programme
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\IKom\MYSQL\bin\mysqld-nt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Gerhard Junker) C:\Program Files (x86)\ncid.Net\ncid.Net.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Ulrich Krebs) C:\Program Files (x86)\Kalender\Kalender.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2009-09-15] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe,
HKU\.DEFAULT\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [ncid.Net] => C:\Program Files (x86)\ncid.Net\ncid.Net.exe [2248192 2013-11-11] (Gerhard Junker)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Kalender] => C:\Program Files (x86)\Kalender\Kalender.exe [991232 2014-02-22] (Ulrich Krebs)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-twncid-gui.bat.lnk
ShortcutTarget: start-twncid-gui.bat.lnk -> C:\TWNcid\start-twncid-gui.bat (No File)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk /r \??\H:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {3A32F94D-F172-42F1-B448-87128D6A3ED1} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87D65010-5005-4955-A218-FEE8589A50BA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9B3E6316-1C2E-4928-AE88-8B695931D47D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A6E92902-D674-4B10-8707-29C6983680B2} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CAE14CD4-A99D-4D4D-8774-1C41690D4B9D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {F7810828-398E-4515-AF23-F71B4C4209D9} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer
FF SearchEngineOrder.1: Google
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{06AC9F7F-4180-4EA3-8542-83DE26507725}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{3F8E1834-7B54-450B-8167-50EC569A5AA2}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{87A67C4C-0C7D-456B-97D0-5291334E8CB9}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{51C2B004-B2D4-44D5-A763-9A1A79A79E88}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{C34FEE3A-91E8-4F14-88FD-5A6C5712A668}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{D21269EA-B86F-496F-A06F-BD6F11935C62}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-08-08]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: SPARWELT Gutscheinalarm - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ciuvo-extension@sparwelt.de.xpi [2013-01-26]
FF Extension: NO Google Analytics - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2013-03-13]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-08-06]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MySQL5; C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe [4493312 2012-12-29] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-09] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-09] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [142336 2014-08-16] (G Data Software AG)
S3 GdNetMon; C:\windows\system32\drivers\GdNetMon64.sys [31448 2011-06-12] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64000 2014-07-09] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-08-16] (G Data Software AG)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-07-15] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [61440 2014-07-09] (G Data Software AG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 03:13 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-11 03:13 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-11 03:13 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-11 03:13 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-11 03:13 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-11 03:13 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-11 03:13 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-11 03:13 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-11 03:13 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-11 03:13 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-11 03:13 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-11 03:13 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-11 03:13 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-11 03:13 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-11 03:13 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-11 03:13 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-11 03:13 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-11 03:13 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:13 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-11 03:13 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-11 03:13 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:13 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-11 03:13 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:13 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:13 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-11 03:13 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-11 03:13 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-11 03:13 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-11 03:13 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-11 03:13 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-11 03:13 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-11 03:13 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-11 03:13 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-11 03:13 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-11 03:13 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-11 03:13 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:13 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-11 03:13 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-11 03:13 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-11 03:13 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-11 03:13 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-11 03:13 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-11 03:13 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-11 03:13 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-11 03:13 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:13 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-11 03:13 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-11 03:13 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-11 03:13 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-11 03:13 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-11 03:02 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-11 03:02 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:26 - 2014-09-10 22:26 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-10 22:25 - 2014-09-10 22:25 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe
2014-09-10 22:18 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 22:18 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 22:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 22:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 22:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 22:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 22:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 22:18 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 22:18 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 22:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 22:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-09 22:10 - 2014-09-09 22:10 - 00001351 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-09 21:53 - 2014-09-09 21:53 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 21:52 - 2014-09-09 21:52 - 01016261 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-09-09 21:35 - 2014-09-10 00:15 - 00000000 ____D () C:\AdwCleaner
2014-09-09 21:34 - 2014-09-09 21:34 - 01370483 _____ () C:\Users\*****\Downloads\adwcleaner_3.309.exe
2014-09-09 21:26 - 2014-09-09 21:45 - 00008138 _____ () C:\windows\PFRO.log
2014-09-09 20:29 - 2014-09-11 03:41 - 00000336 _____ () C:\windows\setupact.log
2014-09-09 20:29 - 2014-09-09 20:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-08 18:10 - 2014-09-11 18:51 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 18:09 - 2014-09-08 18:09 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-08 18:09 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-08 18:09 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-08 18:05 - 2014-09-08 18:06 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00001046 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-08 18:01 - 2014-09-08 18:01 - 01101648 _____ () C:\Users\*****\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-08 17:04 - 2014-09-11 20:20 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner entfernen-Programme
2014-09-08 17:03 - 2014-09-11 20:17 - 00000000 ____D () C:\Users\*****\Desktop\Log-Dateien
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:10 - 2014-09-11 20:20 - 00000000 ____D () C:\FRST
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 20:30 - 2014-09-07 20:37 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 22:48 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:28 - 2014-09-07 20:29 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-02 23:18 - 2014-09-02 23:23 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:21 - 2014-09-02 18:22 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-28 07:43 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 07:43 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 07:43 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-24 10:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-24 10:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-24 10:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-24 10:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-24 10:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-24 10:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:47 - 2014-08-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:11 - 2014-08-17 15:13 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-14 22:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 22:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 22:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 22:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-14 08:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 08:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 08:39 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 08:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 08:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-14 08:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:38 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 08:38 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 08:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 08:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 21:42 - 2014-08-12 21:43 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 19:39 - 2014-08-12 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 20:20 - 2014-09-08 17:04 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner entfernen-Programme
2014-09-11 20:20 - 2014-09-08 16:10 - 00000000 ____D () C:\FRST
2014-09-11 20:17 - 2014-09-08 17:03 - 00000000 ____D () C:\Users\*****\Desktop\Log-Dateien
2014-09-11 19:25 - 2011-08-19 14:39 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 18:51 - 2014-09-08 18:10 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 16:20 - 2014-04-27 16:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\UK's Kalender
2014-09-11 12:25 - 2011-08-19 14:39 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 08:42 - 2010-05-20 04:39 - 01198742 _____ () C:\windows\WindowsUpdate.log
2014-09-11 05:16 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 05:16 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 05:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-11 03:44 - 2011-06-12 20:35 - 09451359 _____ () C:\FaceProv.log
2014-09-11 03:42 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-11 03:41 - 2014-09-09 20:29 - 00000336 _____ () C:\windows\setupact.log
2014-09-11 03:11 - 2010-05-20 05:07 - 01603564 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:11 - 2010-05-19 20:24 - 00703192 _____ () C:\windows\system32\perfh007.dat
2014-09-11 03:11 - 2010-05-19 20:24 - 00150800 _____ () C:\windows\system32\perfc007.dat
2014-09-11 03:10 - 2009-07-14 07:13 - 01603564 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-11 03:09 - 2013-08-15 22:20 - 00000000 ____D () C:\windows\system32\MRT
2014-09-11 03:03 - 2011-06-16 07:41 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-11 03:02 - 2014-05-01 00:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 22:26 - 2014-09-10 22:26 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-10 22:25 - 2014-09-10 22:25 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe
2014-09-10 00:15 - 2014-09-09 21:35 - 00000000 ____D () C:\AdwCleaner
2014-09-09 22:10 - 2014-09-09 22:10 - 00001351 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-09 21:53 - 2014-09-09 21:53 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 21:52 - 2014-09-09 21:52 - 01016261 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-09-09 21:45 - 2014-09-09 21:26 - 00008138 _____ () C:\windows\PFRO.log
2014-09-09 21:45 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-09 21:43 - 2013-08-02 13:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Common
2014-09-09 21:34 - 2014-09-09 21:34 - 01370483 _____ () C:\Users\*****\Downloads\adwcleaner_3.309.exe
2014-09-09 20:29 - 2014-09-09 20:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-09 20:18 - 2012-11-28 16:42 - 00000000 ____D () C:\windows\Minidump
2014-09-09 11:29 - 2009-07-14 06:45 - 00447920 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-08 18:39 - 2011-06-12 20:35 - 00119704 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 18:09 - 2014-09-08 18:09 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 18:06 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00001046 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-08 18:01 - 2014-09-08 18:01 - 01101648 _____ () C:\Users\*****\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-08 17:18 - 2013-11-16 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:39 - 2011-06-12 20:35 - 00000000 ____D () C:\Users\*****
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\Users\*****\Documents\MailStore Home
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\ProgramData\firebird
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 22:48 - 2014-09-07 20:29 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:37 - 2014-09-07 20:30 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 20:28 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-07 13:25 - 2013-07-17 11:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 13:05 - 2014-03-20 11:44 - 00014169 _____ () C:\Users\*****\Desktop\hijackthis.log
2014-09-05 04:10 - 2014-09-10 22:17 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 22:17 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 09:33 - 2013-08-02 20:04 - 00000000 ____D () C:\Program Files (x86)\Wisterer HX
2014-09-04 09:32 - 2013-08-02 20:04 - 00000000 ____D () C:\Users\*****\Documents\Wisterer HX
2014-09-03 13:32 - 2014-02-19 18:34 - 00000000 ____D () C:\Program Files (x86)\Steuer 2013
2014-09-03 13:32 - 2012-03-04 19:11 - 00000722 _____ () C:\windows\wiso.ini
2014-09-03 13:32 - 2012-03-04 18:30 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-09-02 23:23 - 2014-09-02 23:18 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 23:12 - 2012-08-21 17:10 - 00000000 ____D () C:\Users\*****\Tracing
2014-09-02 23:12 - 2011-09-17 11:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TeamViewer
2014-09-02 23:12 - 2011-07-30 23:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\PhotoScape
2014-09-02 23:11 - 2009-07-29 09:00 - 00000000 ____D () C:\windows\Panther
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:22 - 2014-09-02 18:21 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-29 19:34 - 2012-08-22 16:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\7-PDFSplitMerge
2014-08-27 11:57 - 2012-03-29 08:26 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-27 11:57 - 2011-06-13 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-24 18:35 - 2012-12-29 19:31 - 00000000 ____D () C:\Program Files\IKom
2014-08-24 15:12 - 2012-07-25 19:19 - 00000000 ____D () C:\A1-Faktura
2014-08-23 04:07 - 2014-08-28 07:43 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:43 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:43 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-20 16:43 - 2013-04-08 18:12 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-08-20 16:39 - 2011-06-12 22:37 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-08-19 20:05 - 2014-09-11 03:13 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:39 - 2014-09-11 03:13 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-19 19:06 - 2014-08-17 15:47 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-19 01:01 - 2014-09-11 03:13 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:13 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:13 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:13 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:13 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:13 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:13 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:13 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:13 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:13 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:13 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:13 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:13 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:13 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:13 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:13 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:13 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:13 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:13 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:13 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:13 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:13 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:13 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:13 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:13 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:13 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:13 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:13 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:13 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:13 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:13 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:13 - 2014-08-17 15:11 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-16 08:41 - 2014-05-10 14:48 - 00001929 _____ () C:\Users\Public\Desktop\G DATA ANTIVIRUS.lnk
2014-08-16 08:41 - 2011-06-12 22:43 - 00064000 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd64.sys
2014-08-16 08:40 - 2011-06-12 22:43 - 00142336 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-08-15 09:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-12 21:43 - 2014-08-12 21:42 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 21:37 - 2014-08-12 19:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:15

==================== End Of Log ============================
--- --- ---


4. Addition-log

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by ***** at 2014-09-11 20:21:23
Running from C:\Users\*****\Desktop\Trojaner entfernen-Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Printer 7.2.0.1306 (HKLM\...\7-PDF Printer_is1) (Version: 7.2.0.1306 - 7-PDF, Germany - Th. Hodes)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A1-Faktura 1.429 (HKLM-x32\...\A1-Faktura_is1) (Version:  - A1-Faktura)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Artweaver Free 3.0 (HKLM-x32\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.0 - Boris Eyrich Software)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Brother MFL-Pro Suite DCP-150C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{157F58B7-9109-406C-B0FE-C511F06FBF2E}) (Version: 0.8.11 - Kovid Goyal)
Cartoonist 1.3 (HKLM-x32\...\Cartoonist_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.31 - Abelssoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
CSV-Import 3.9 (HKLM-x32\...\CSV-Import_is1) (Version:  - tm)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
Duden Korrektor Starterbox 3.51 (HKLM-x32\...\InstallShield_{EB56EDF6-1F3C-4084-A7DA-24A8C3711CB0}) (Version: 1.00.0160 RC3 - Brockhaus)
Duden Korrektor Starterbox 3.51 (x32 Version: 1.00.0160 RC3 - Brockhaus) Hidden
EasyCash&Tax 1.55 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
EasyRide&Tax 1.3 (HKLM-x32\...\EasyRide&Tax_is1) (Version:  - tm)
ECTPlugAnlagenverzeichnis 1.5 (HKLM-x32\...\ECTPlugAnlagenverzeichnis_is1) (Version:  - wolfram)
ECTPlugJavaScriptJournal 1.03 (HKLM-x32\...\ECTPlugJavaScriptJournal_is1) (Version:  - tm)
ECTPlugWolframsJournal 1.03 (HKLM-x32\...\ECTPlugWolframsJournal_is1) (Version:  - wolfram)
Elster-Export 1.10 (HKLM-x32\...\Elster-Export Plugin für EasyCash&Tax_is1) (Version:  - tm)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
English Translator (HKLM-x32\...\English Translator) (Version:  - Translator)
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.5 - Astonsoft Ltd)
Fakturama (HKLM-x32\...\Fakturama) (Version: 1.5.0 - sebulli.com)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.1 - G DATA Software AG)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Gnumeric Spreadsheet 1.12.17-20140610 (HKCU\...\Gnumeric) (Version: 1.12.17-20140610 - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
Haufe iDesk-Browser (HKLM-x32\...\{56FDB311-6511-11DE-832F-0050560400B1}) (Version: 9.06.30.7144 - Haufe)
Haufe iDesk-Service (HKLM-x32\...\{EB5AE940-8E5D-11DE-992A-005056B12123}) (Version: 9.08.21.7460 - Haufe)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ICE Kommunikationsmanager (HKLM-x32\...\IKom) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009F0}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lingoes 2.8.1 (HKLM-x32\...\Lingoes Translator_is1) (Version: 2.8.1 - Lingoes Project)
Luminance HDR 2.2.0 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
MAGIX FunPix Maker 1.0.0.0 (D) (HKLM-x32\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
MonKey Kassenbuch 2012, Version 9.1.2 (HKLM-x32\...\MonKey Kassenbuch 2012_is1) (Version:  - ProSaldo GmbH)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL (HKLM-x32\...\MySQL5) (Version:  - )
ncid.Net 2.14.1.0 (HKLM-x32\...\{0786323B-C2FF-4CA7-9FE1-1B50EEC6D6E8}) (Version: 2.14.1.0 - Gerhard Junker)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Mail 1.0 (HKCU\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.197.0 - Tracker Software Products Ltd.)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Pegasus Mail v4.63 Release 1, Build 325 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version:  - Tech Soft GmbH)
Personal Backup 5.3 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picturenaut 3.2 (HKLM\...\{2FAE878F-C959-4C70-9BEF-F01733D43970}) (Version: 3.2.0.1690 - Marc M.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
QuickSteuer Wissens-Center 2010 (HKLM-x32\...\{EDF80EF9-3903-4DDC-96BC-F7D863E689C4}) (Version: 16.0.1.0 - Haufe Mediengruppe)
Re/3 Import-Plugin 3.5 (HKLM-x32\...\Buchungs Plugin_is1) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
UK's Kalender 2.4.2 (HKLM-x32\...\UK's Kalender_is1) (Version:  - Ulrich Krebs)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.1.0226 - Lenovo)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
waterMark V2 (HKLM-x32\...\waterMark V2) (Version:  - )
Web Photo Album 1.2 (HKLM-x32\...\Web Photo Album_is1) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zimbra Desktop (HKLM-x32\...\{EF9D9FAD-D31E-493B-9A6B-28D56FE4EB8F}) (Version: 2.0.0 - Zimbra)
ZusammenfassendeMeldung 1.1 (HKLM-x32\...\ZusammenfassendeMeldung_is1) (Version:  - tm)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-08-2014 07:25:11 Windows Update
20-08-2014 14:41:01 Installed TomTom HOME.
24-08-2014 08:21:01 Windows Update
24-08-2014 08:29:40 Windows Update
28-08-2014 21:13:33 Windows Update
02-09-2014 07:21:21 Windows Update
09-09-2014 09:39:34 Windows Update
11-09-2014 01:00:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066F2BF1-E96A-47A7-81C6-41A5F9CDEF83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {17321497-609D-4EFB-8EB5-ADA08980CCC8} - System32\Tasks\{04155270-E5C9-41A7-AF9E-7DCF6ADA0129} => E:\SETUP.EXE
Task: {245C8257-99F3-474F-BF08-15A1E617BF5E} - System32\Tasks\{0B031DCB-D7E0-48C7-B4AE-872BFECE82A7} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {256C1FA7-AD4E-400C-9722-5AEE73E30035} - System32\Tasks\{01EEF895-196F-4A54-8E3C-1B26C7336751} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {29414B50-7024-4435-9DC0-80032C9B2E23} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {2E607181-F23F-4211-8D88-7004B22172DB} - System32\Tasks\{4FE2D6B6-4403-4848-92AF-E4AAE7016CD5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {2F99050E-93D4-4620-9188-B4BA4B30E348} - System32\Tasks\{862A53A6-E4C8-45A6-850C-7B322028D98F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {328C46B3-3893-41B1-904A-8F7DABD0218D} - System32\Tasks\{32887CB8-15EC-4CD7-8504-F81DB180EEB8} => E:\SETUP.EXE
Task: {37ED1F1B-B737-4EAC-A653-490780F98F02} - System32\Tasks\{4422E10B-C6CA-4F6D-BFF8-D6189AF01A96} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {39313173-0F7D-4DCF-93BA-CAC9912538B5} - System32\Tasks\{8C774838-BAAE-48BE-9016-446AAF351137} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {458756C5-DEC6-489D-9C83-B32935C3737F} - System32\Tasks\{C7823A1B-7A07-4F97-AF69-E2A7BE6F14AE} => E:\SETUP.EXE
Task: {48363D53-CE1B-47A1-BE51-B90454F2E840} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4A87E9BB-5488-49CB-91B1-BE0012D42AD3} - System32\Tasks\Abelssoft\Updater scan => C:\PROGRAM FILES (X86)\CHIP UPDATER\CHIPUPDATER.EXE [2014-09-02] (CHIP)
Task: {5039E153-1C24-4F5C-A84F-C59969879EB3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {687BDDB5-7460-4ED2-887F-59DFB6A35303} - System32\Tasks\{0D2D28F1-0A82-4BF0-A0FD-37312C8ABA5E} => E:\SETUP.EXE
Task: {6A6804BE-94DA-40FD-AC85-B93223391828} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {713ECB1E-55C1-4F6E-B9FD-5454890B70E1} - System32\Tasks\{166CEC53-9FFF-4034-9DD3-9439F774AFA7} => E:\SETUP.EXE
Task: {90DE6611-24ED-48BD-9422-608E95E4A543} - System32\Tasks\{6F0C7DFF-1EAA-4DCA-90F2-78AF0754A53E} => E:\SETUP.EXE
Task: {974EB9F6-C9B8-4083-A0F0-108DE78224FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {98F3C491-228A-423B-AF59-4E3E49270733} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9C07A631-9B12-4365-924B-3038DEB70137} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {A31AA768-B9AA-4055-8104-8242404AFC54} - System32\Tasks\{C649BD2A-DF6B-40C3-8B7D-EF259EB3E394} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {B0C65F50-9083-4AD5-AE6D-242215AC1175} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {B0F3C637-0B45-4F40-9C1F-A43AF9A1DE58} - System32\Tasks\{A714B297-6F59-43EF-857F-0859983944D2} => E:\SETUP.EXE
Task: {B3AEE9F0-0A92-4BA4-AB83-1F4FBD420E19} - System32\Tasks\{44C5079F-B6EC-40DE-9B61-8AD082B9059C} => E:\SETUP.EXE
Task: {CF44C833-D4B8-4896-A9E9-554271F4925F} - System32\Tasks\{F1231D4F-3442-4036-AAF9-956E6275E6F1} => E:\SETUP.EXE
Task: {DAF9529E-F5C8-4C5C-8152-E8C8F9638068} - System32\Tasks\{12FC0358-645F-4666-B06B-2A68997E37C5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {DE684AE1-A48E-4E54-8909-7C2AA5540FE7} - System32\Tasks\{BCE3A580-1E1D-49AC-87AD-D4B03F4F24C2} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {F6983E5E-BACF-4F00-80E5-83E5ECF46F37} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F8EB29E6-8CB7-4815-9F2E-C603D4DEBFE7} - System32\Tasks\{F69E41E9-2CFD-426E-8849-28DFE5EBF25F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-25 09:14 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-06-13 14:48 - 2010-06-17 21:56 - 00087040 _____ () C:\windows\System32\redmonnt.dll
2012-12-29 19:31 - 2012-12-29 19:31 - 04493312 _____ () C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe
2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2010-05-20 05:13 - 2009-12-19 04:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-05-20 05:13 - 2009-12-19 04:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-05-20 05:15 - 2010-05-20 05:15 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-05-20 05:28 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-05-20 05:28 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-05-20 05:13 - 2009-12-19 04:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2010-05-20 05:13 - 2009-12-19 04:53 - 00120224 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WMCEvent.dll
2013-07-17 11:07 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-17 11:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-17 11:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-05-20 05:13 - 2009-12-19 04:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-05-20 05:13 - 2009-12-19 04:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-31 15:24 - 2012-05-31 15:24 - 00501760 ____R () C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
2012-06-01 08:44 - 2012-06-01 08:44 - 00159744 ____R () C:\Program Files (x86)\ncid.Net\ikpflac.dll
2011-06-20 07:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-05-20 04:44 - 2009-12-23 19:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\2012_09_10_23_30 WEB.DE Statusreport - Übersicht Ihrer Ordner.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_23_19_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_26_20_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_07_00 jomondo hat neue Angebote.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_21_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_10_02_22_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_11_10_21_29 testfilmbibpräsi.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Radio.fx => 2
MSCONFIG\startupreg: OMESupervisor => C:\Users\*****\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: rfxsrvtray => "D:\Tobit Radio.fx\Client\rfx-tray.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2014 08:53:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 08:46:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 05:01:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/11/2014 04:59:22 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/11/2014 04:55:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/11/2014 04:55:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 03:37:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/09/11 03:37:51.245]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/11/2014 03:37:49 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/09/11 03:37:49.745]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (09/11/2014 01:52:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 01:49:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 10:16:01 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 08:51:53 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 08:45:52 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 03:46:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/11/2014 03:46:15 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (09/11/2014 03:45:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" ist vom Dienst "Windows Mobile-basierte Geräteverbindungen" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (09/11/2014 03:45:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Mobile-basierte Geräteverbindungen" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/11/2014 03:45:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Mobile-basierte Geräteverbindungen erreicht.


Microsoft Office Sessions:
=========================
Error: (09/11/2014 08:53:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (09/11/2014 08:46:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/11/2014 05:01:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (09/11/2014 04:59:22 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/11/2014 04:55:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (09/11/2014 04:55:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/11/2014 03:37:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/09/11 03:37:51.245]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/11/2014 03:37:49 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/09/11 03:37:49.745]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 72%
Total physical RAM: 1974.85 MB
Available physical RAM: 548.35 MB
Total Pagefile: 3949.7 MB
Available Pagefile: 1478.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:173.98 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:0.95 GB) (Free:0.78 GB) FAT
Drive g: (HDD) (Fixed) (Total:118.3 GB) (Free:66.75 GB) NTFS
Drive h: (Volume) (Fixed) (Total:170.9 GB) (Free:123.61 GB) NTFS
Drive i: (Volume) (Fixed) (Total:176.56 GB) (Free:43.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7E9D1089)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=118.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=170.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=176.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 972.5 MB) (Disk ID: EED62DCE)
Partition 1: (Not Active) - (Size=972 MB) - (Type=06)

==================== End Of Log ============================
--- --- ---


Vielen Dank für Deine Mühe und sage schonmal Gute Nacht .

Viele Grüße
perseiden

Alt 11.09.2014, 21:11   #9
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Guten Abend "schrauber",

das sieht wohl nicht gut aus und hat ganz schön Arbeit gemacht ;-).
Ich hoffe nur das Du mir helfen kannst. Und nun die gewünschte Dateien:

1. Eset-log
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bc56a31143d18d4898e3288d3370f726
# engine=20100
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-11 05:19:42
# local_time=2014-09-11 07:19:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162085832 0 0
# scanned=467755
# found=32
# cleaned=0
# scan_time=37454
sh=AAD6F1CAA5C35AEEFCFBE646FB5093D2FB559AEC ft=1 fh=2ca4112e4b89bd5a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\ashampoo_burning_studio_elements_10.0.9_8678.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDFCreator-1_2_3_setup.exe"
sh=CB3A78F873E2D501515029985B5213E6DFA53A07 ft=1 fh=0dc4f45713be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\setup_pimero_free-Downloader.exe"
sh=48FD60E5A677BD39B13E0188075E83137005259E ft=1 fh=ff79543ffacc5f95 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDF\PDFCreator-1_2_1_setup.exe"
sh=8E05264386E7A5BB39DF521952AABC76624D493A ft=1 fh=3a6facd612fa631a vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\PDF\PDFCreator-1_2_2_setup.exe"
sh=563E1B707747F87BD96829B81E92CA1EE04E83FD ft=1 fh=421b349ff9c9cc9b vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\Texterkennung\freeocr422.exe"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Freeware.de\tbFre0.dll"
sh=9BAC64A295EF41E255CAAD650513F44192F15527 ft=1 fh=a743b476095adb23 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\7z465.exe"
sh=13419407FBF6DB96C5107CBA1387898185C5B6E8 ft=1 fh=ff678d7888e6161c vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\Format-Factory-DE-2-50.exe"
sh=9B36CFE3F6F67BD682180D7B137B3A0BA991B092 ft=1 fh=e258c51ba23aaec4 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\FreeYouTubeDownload21030.exe"
sh=0CE48DA603A5E7431002CE4ACA1F1546C5D6579E ft=1 fh=a7cab65addc4a365 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\FreeYouTubeToMP3Converter32.exe"
sh=72C6C668EEB4F3070C8190B250BBF714294F7D06 ft=1 fh=77b67014e3a6c765 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\m-s-mp3-manager-11.exe"
sh=83BFD5FEC80193807BC8EFA72D1FBB779F3C0571 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\Download\pcb2000.zip"
sh=294AB91288412DECB27232655ADD82FAF0B1C55D ft=1 fh=dabaed1395cd1d06 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Download\VeohWebPlayerSetup_eng.exe"
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Conduit\Community Alerts\Alert.dll"
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Conduit\Community Alerts\Alert0.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\ConduitEngine\ConduitEngine.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Freeware.de\tbFre0.dll"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Freeware.de\tbFre1.dll"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\Freeware.de\tbFree.dll"
sh=7D2F0E5193D0284D053F2469DC40F5AF032D504F ft=1 fh=6bec13335a37d0a2 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\Programme\PC-BIO2000\pcbio.exe"
sh=EAB2F8022480CFC154A12E0596B9BA1643AAF3D0 ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\Sicherungen\2-Amilo-Vista-Sicherung\Heruntergeladen\Downloads\bookssetup.exe"
sh=ED40C4209D69901D0B833BC16E0444B7202CE3EC ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\Sicherungen\2-Amilo-Vista-Sicherung\Heruntergeladen\Downloads\Mond.exe"
sh=96BD4273B35E8DF1AC36F10F912026074DE2A2B8 ft=1 fh=77b67014c21a5d01 vn="Variante von Win32/DownloadSponsor.B evtl. unerwünschte Anwendung" ac=I fn="H:\Sicherungen\2-Amilo-Vista-Sicherung\Heruntergeladen\Downloads\zdesktop-7-0-1-b10791-win32.exe"
sh=9063890380C6D901AEDDA17D672EAAFBCF74214C ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 1.zip"
sh=6B846DB0EDA49BA3F2EE497B480E254D9EAE48D3 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 14.zip"
sh=F07F910F658EAFBCFD81123CE9D4D319815D916A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 2.zip"
sh=A38F9ED85C4A50FB238B6C1F267B24BA1C0BF93C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 3.zip"
sh=BDB2BF0EFAA19EE19DF836C19DFF40AA66836514 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 4.zip"
sh=D6E734247DB9DFF45F9C15EA8A42B59A571DE564 ft=0 fh=0000000000000000 vn="möglicherweise Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="I:\*****-PC\Backup Set 2012-08-19 152342\Backup Files 2012-08-19 152342\Backup files 6.zip"
sh=435B841E263B52ADED0C0AADFD5CE2226778A9DD ft=1 fh=b749b88fedec4e00 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="I:\Sicherung-130209\Download\zlsSetup_70_483_000_en.exe"
2. SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G DATA ANTIVIRUS   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 HijackThis 2.0.2    
 ECTPlugJavaScriptJournal 1.03    
 Java 7 Update 67  
 Java 7 Update 9  
 Java SE Development Kit 7 Update 45 
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (Firefox.) 
 Mozilla Thunderbird (24.3.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 G Data AntiVirus AVK AVKWCtlX64.exe 
 G Data AntiVirus AVK AVKService.exe 
 G Data AntiVirus AVKTray AVKTray.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
3. FRST-log


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by ***** (administrator) on *****-PC on 11-09-2014 20:20:11
Running from C:\Users\*****\Desktop\Trojaner entfernen-Programme
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\IKom\MYSQL\bin\mysqld-nt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(G Data Software AG) C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Gerhard Junker) C:\Program Files (x86)\ncid.Net\ncid.Net.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Ulrich Krebs) C:\Program Files (x86)\Kalender\Kalender.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2009-09-15] (Vimicro)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe,
HKU\.DEFAULT\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [ncid.Net] => C:\Program Files (x86)\ncid.Net\ncid.Net.exe [2248192 2013-11-11] (Gerhard Junker)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [Kalender] => C:\Program Files (x86)\Kalender\Kalender.exe [991232 2014-02-22] (Ulrich Krebs)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start-twncid-gui.bat.lnk
ShortcutTarget: start-twncid-gui.bat.lnk -> C:\TWNcid\start-twncid-gui.bat (No File)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk /r \??\I:autocheck autochk /r \??\H:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {3A32F94D-F172-42F1-B448-87128D6A3ED1} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {87D65010-5005-4955-A218-FEE8589A50BA} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {9B3E6316-1C2E-4928-AE88-8B695931D47D} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A6E92902-D674-4B10-8707-29C6983680B2} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {CAE14CD4-A99D-4D4D-8774-1C41690D4B9D} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {F7810828-398E-4515-AF23-F71B4C4209D9} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=948d3a02-7baf-4285-881f-12b013902143&pid=freewarede&mode=bounce&k=0
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: haufereader - No CLSID Value - 
Handler-x32: haufereader - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer
FF SearchEngineOrder.1: Google
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{06AC9F7F-4180-4EA3-8542-83DE26507725}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{3F8E1834-7B54-450B-8167-50EC569A5AA2}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\searchplugins\{87A67C4C-0C7D-456B-97D0-5291334E8CB9}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{51C2B004-B2D4-44D5-A763-9A1A79A79E88}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{C34FEE3A-91E8-4F14-88FD-5A6C5712A668}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\searchplugins\{D21269EA-B86F-496F-A06F-BD6F11935C62}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\meq50ppt.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-08-08]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: SPARWELT Gutscheinalarm - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\ciuvo-extension@sparwelt.de.xpi [2013-01-26]
FF Extension: NO Google Analytics - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2013-03-13]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-08-06]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\469cn0kq.Standard-Benutzer\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-07-30] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MySQL5; C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe [4493312 2012-12-29] () [File not signed]
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-09] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-09] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [142336 2014-08-16] (G Data Software AG)
S3 GdNetMon; C:\windows\system32\drivers\GdNetMon64.sys [31448 2011-06-12] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64000 2014-07-09] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-08-16] (G Data Software AG)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-07-15] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [61440 2014-07-09] (G Data Software AG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 03:13 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-11 03:13 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-11 03:13 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-11 03:13 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-11 03:13 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-11 03:13 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-11 03:13 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-11 03:13 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-11 03:13 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-11 03:13 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-11 03:13 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-11 03:13 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-11 03:13 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-11 03:13 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-11 03:13 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-11 03:13 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-11 03:13 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-11 03:13 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:13 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-11 03:13 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-11 03:13 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:13 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-11 03:13 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:13 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:13 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-11 03:13 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-11 03:13 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-11 03:13 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-11 03:13 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-11 03:13 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-11 03:13 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-11 03:13 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-11 03:13 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-11 03:13 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-11 03:13 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-11 03:13 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:13 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-11 03:13 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-11 03:13 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-11 03:13 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-11 03:13 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-11 03:13 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-11 03:13 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-11 03:13 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-11 03:13 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:13 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-11 03:13 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-11 03:13 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-11 03:13 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-11 03:13 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-11 03:02 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-11 03:02 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:26 - 2014-09-10 22:26 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-10 22:25 - 2014-09-10 22:25 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe
2014-09-10 22:18 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 22:18 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 22:18 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 22:18 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 22:18 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 22:18 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 22:18 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 22:18 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 22:18 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 22:17 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 22:17 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-09 22:10 - 2014-09-09 22:10 - 00001351 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-09 21:53 - 2014-09-09 21:53 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 21:52 - 2014-09-09 21:52 - 01016261 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-09-09 21:35 - 2014-09-10 00:15 - 00000000 ____D () C:\AdwCleaner
2014-09-09 21:34 - 2014-09-09 21:34 - 01370483 _____ () C:\Users\*****\Downloads\adwcleaner_3.309.exe
2014-09-09 21:26 - 2014-09-09 21:45 - 00008138 _____ () C:\windows\PFRO.log
2014-09-09 20:29 - 2014-09-11 03:41 - 00000336 _____ () C:\windows\setupact.log
2014-09-09 20:29 - 2014-09-09 20:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-08 18:10 - 2014-09-11 18:51 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 18:09 - 2014-09-08 18:09 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-08 18:09 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-08 18:09 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-08 18:05 - 2014-09-08 18:06 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00001046 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-08 18:01 - 2014-09-08 18:01 - 01101648 _____ () C:\Users\*****\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-08 17:04 - 2014-09-11 20:20 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner entfernen-Programme
2014-09-08 17:03 - 2014-09-11 20:17 - 00000000 ____D () C:\Users\*****\Desktop\Log-Dateien
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:10 - 2014-09-11 20:20 - 00000000 ____D () C:\FRST
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 20:30 - 2014-09-07 20:37 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 22:48 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:28 - 2014-09-07 20:29 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-02 23:18 - 2014-09-02 23:23 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:21 - 2014-09-02 18:22 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-28 07:43 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 07:43 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 07:43 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-24 10:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-24 10:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-24 10:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-24 10:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-24 10:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-24 10:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-24 10:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-24 10:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:47 - 2014-08-19 19:06 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-17 15:11 - 2014-08-17 15:13 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-14 22:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 22:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 22:25 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:25 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 22:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 22:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-14 08:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-14 08:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-14 08:39 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-14 08:39 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-14 08:39 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-14 08:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-14 08:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-14 08:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:38 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-14 08:38 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-14 08:38 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-14 08:38 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-14 08:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-14 08:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-12 21:42 - 2014-08-12 21:43 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 19:39 - 2014-08-12 21:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 20:20 - 2014-09-08 17:04 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner entfernen-Programme
2014-09-11 20:20 - 2014-09-08 16:10 - 00000000 ____D () C:\FRST
2014-09-11 20:17 - 2014-09-08 17:03 - 00000000 ____D () C:\Users\*****\Desktop\Log-Dateien
2014-09-11 19:25 - 2011-08-19 14:39 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 18:51 - 2014-09-08 18:10 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 16:20 - 2014-04-27 16:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\UK's Kalender
2014-09-11 12:25 - 2011-08-19 14:39 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 08:42 - 2010-05-20 04:39 - 01198742 _____ () C:\windows\WindowsUpdate.log
2014-09-11 05:16 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 05:16 - 2009-07-14 06:45 - 00022240 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 05:09 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-11 03:44 - 2011-06-12 20:35 - 09451359 _____ () C:\FaceProv.log
2014-09-11 03:42 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-11 03:41 - 2014-09-09 20:29 - 00000336 _____ () C:\windows\setupact.log
2014-09-11 03:11 - 2010-05-20 05:07 - 01603564 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:11 - 2010-05-19 20:24 - 00703192 _____ () C:\windows\system32\perfh007.dat
2014-09-11 03:11 - 2010-05-19 20:24 - 00150800 _____ () C:\windows\system32\perfc007.dat
2014-09-11 03:10 - 2009-07-14 07:13 - 01603564 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-11 03:09 - 2013-08-15 22:20 - 00000000 ____D () C:\windows\system32\MRT
2014-09-11 03:03 - 2011-06-16 07:41 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-11 03:02 - 2014-05-01 00:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 22:26 - 2014-09-10 22:26 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-09-10 22:25 - 2014-09-10 22:25 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe
2014-09-10 00:15 - 2014-09-09 21:35 - 00000000 ____D () C:\AdwCleaner
2014-09-09 22:10 - 2014-09-09 22:10 - 00001351 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-09 21:53 - 2014-09-09 21:53 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 21:52 - 2014-09-09 21:52 - 01016261 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2014-09-09 21:45 - 2014-09-09 21:26 - 00008138 _____ () C:\windows\PFRO.log
2014-09-09 21:45 - 2009-07-14 07:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-09 21:43 - 2013-08-02 13:42 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Common
2014-09-09 21:34 - 2014-09-09 21:34 - 01370483 _____ () C:\Users\*****\Downloads\adwcleaner_3.309.exe
2014-09-09 20:29 - 2014-09-09 20:29 - 00000000 _____ () C:\windows\setuperr.log
2014-09-09 20:18 - 2012-11-28 16:42 - 00000000 ____D () C:\windows\Minidump
2014-09-09 11:29 - 2009-07-14 06:45 - 00447920 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-08 18:39 - 2011-06-12 20:35 - 00119704 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 18:09 - 2014-09-08 18:09 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:09 - 2014-09-08 18:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-08 18:06 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00001046 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\windows\System32\Tasks\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-09-08 18:05 - 2014-09-08 18:05 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-08 18:01 - 2014-09-08 18:01 - 01101648 _____ () C:\Users\*****\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-09-08 17:18 - 2013-11-16 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-09-08 16:39 - 2011-06-12 20:35 - 00000000 ____D () C:\Users\*****
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\Users\*****\Documents\MailStore Home
2014-09-08 11:49 - 2013-07-27 12:04 - 00000000 ____D () C:\ProgramData\firebird
2014-09-07 22:48 - 2014-09-07 22:48 - 00000118 ___RH () C:\Users\*****\Downloads\Stinger.opt
2014-09-07 22:48 - 2014-09-07 20:29 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-09-07 20:37 - 2014-09-07 20:30 - 00000862 _____ () C:\Users\*****\Downloads\Stinger_07092014_202959.html
2014-09-07 20:29 - 2014-09-07 20:28 - 11002728 _____ (McAfee Inc) C:\Users\*****\Downloads\stinger32.exe
2014-09-07 14:59 - 2014-09-07 14:59 - 05049344 _____ (Crawler.com ) C:\Users\*****\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-09-07 13:25 - 2013-07-17 11:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-07 13:05 - 2014-03-20 11:44 - 00014169 _____ () C:\Users\*****\Desktop\hijackthis.log
2014-09-05 04:10 - 2014-09-10 22:17 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 22:17 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 09:33 - 2013-08-02 20:04 - 00000000 ____D () C:\Program Files (x86)\Wisterer HX
2014-09-04 09:32 - 2013-08-02 20:04 - 00000000 ____D () C:\Users\*****\Documents\Wisterer HX
2014-09-03 13:32 - 2014-02-19 18:34 - 00000000 ____D () C:\Program Files (x86)\Steuer 2013
2014-09-03 13:32 - 2012-03-04 19:11 - 00000722 _____ () C:\windows\wiso.ini
2014-09-03 13:32 - 2012-03-04 18:30 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-09-02 23:23 - 2014-09-02 23:18 - 00000000 ____D () C:\CCleaner-Sicherung-Registry
2014-09-02 23:12 - 2012-08-21 17:10 - 00000000 ____D () C:\Users\*****\Tracing
2014-09-02 23:12 - 2011-09-17 11:56 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TeamViewer
2014-09-02 23:12 - 2011-07-30 23:57 - 00000000 ____D () C:\Users\*****\AppData\Roaming\PhotoScape
2014-09-02 23:11 - 2009-07-29 09:00 - 00000000 ____D () C:\windows\Panther
2014-09-02 18:23 - 2014-09-02 18:23 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 18:23 - 2014-09-02 18:23 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 18:23 - 2014-09-02 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-02 18:22 - 2014-09-02 18:21 - 03826912 _____ (Piriform Ltd) C:\Users\*****\Downloads\ccsetup417_slim.exe
2014-08-29 19:34 - 2012-08-22 16:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\7-PDFSplitMerge
2014-08-27 11:57 - 2012-03-29 08:26 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-27 11:57 - 2011-06-13 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-27 09:58 - 2014-08-27 09:58 - 00001377 _____ () C:\Users\*****\Desktop\Internet Explorer.lnk
2014-08-24 18:35 - 2012-12-29 19:31 - 00000000 ____D () C:\Program Files\IKom
2014-08-24 15:12 - 2012-07-25 19:19 - 00000000 ____D () C:\A1-Faktura
2014-08-23 04:07 - 2014-08-28 07:43 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:43 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:43 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 16:43 - 2014-08-20 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2014-08-20 16:43 - 2013-04-08 18:12 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-08-20 16:39 - 2011-06-12 22:37 - 00000000 ____D () C:\Users\*****\AppData\Local\Downloaded Installations
2014-08-19 20:05 - 2014-09-11 03:13 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 19:52 - 2014-08-19 19:52 - 00004637 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2014-08-19 19:39 - 2014-09-11 03:13 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-19 19:07 - 2014-08-19 19:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-19 19:06 - 2014-08-17 15:47 - 00000000 ____D () C:\Program Files (x86)\Gnumeric
2014-08-19 01:01 - 2014-09-11 03:13 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:13 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:13 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:13 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:13 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:13 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 03:13 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 03:13 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:13 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 03:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 03:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 03:13 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 03:13 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 03:13 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 03:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 03:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 03:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 03:13 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 03:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 03:13 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 03:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 03:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 03:13 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 03:13 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 03:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 03:13 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 03:13 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 03:13 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 03:13 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 03:13 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 03:13 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 03:13 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 03:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 03:13 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 03:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 03:13 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:13 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 03:13 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 03:13 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 03:13 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 03:13 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 03:13 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 03:13 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 03:13 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 03:13 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 03:13 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-17 15:48 - 2014-08-17 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnumeric
2014-08-17 15:13 - 2014-08-17 15:11 - 21149805 _____ () C:\Users\*****\Downloads\gnumeric-1.12.17-20140610.exe
2014-08-16 08:41 - 2014-08-16 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA ANTIVIRUS
2014-08-16 08:41 - 2014-05-10 14:48 - 00001929 _____ () C:\Users\Public\Desktop\G DATA ANTIVIRUS.lnk
2014-08-16 08:41 - 2011-06-12 22:43 - 00064000 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd64.sys
2014-08-16 08:40 - 2011-06-12 22:43 - 00142336 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-08-15 09:32 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-12 21:43 - 2014-08-12 21:42 - 00000000 ____D () C:\Users\*****\Tonaufnahmen
2014-08-12 21:37 - 2014-08-12 19:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Audacity
2014-08-12 19:38 - 2014-08-12 19:38 - 00001015 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00001003 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-08-12 19:38 - 2014-08-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-08-12 19:34 - 2014-08-12 19:34 - 01101648 _____ () C:\Users\*****\Downloads\Audacity - CHIP-Installer.exe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 09:15

==================== End Of Log ============================
--- --- ---

--- --- ---


4. Addition-log

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by ***** at 2014-09-11 20:21:23
Running from C:\Users\*****\Desktop\Trojaner entfernen-Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA ANTIVIRUS (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA ANTIVIRUS (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Printer 7.2.0.1306 (HKLM\...\7-PDF Printer_is1) (Version: 7.2.0.1306 - 7-PDF, Germany - Th. Hodes)
7-PDF Split & Merge Version 2.0.4 (Build 112) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.0.4 (Build 112) - 7-PDF, Germany - Thorsten Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A1-Faktura 1.429 (HKLM-x32\...\A1-Faktura_is1) (Version:  - A1-Faktura)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Artweaver Free 3.0 (HKLM-x32\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.0 - Boris Eyrich Software)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Brother MFL-Pro Suite DCP-150C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
calibre (HKLM-x32\...\{157F58B7-9109-406C-B0FE-C511F06FBF2E}) (Version: 0.8.11 - Kovid Goyal)
Cartoonist 1.3 (HKLM-x32\...\Cartoonist_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.31 - Abelssoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant)
CSV-Import 3.9 (HKLM-x32\...\CSV-Import_is1) (Version:  - tm)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
Duden Korrektor Starterbox 3.51 (HKLM-x32\...\InstallShield_{EB56EDF6-1F3C-4084-A7DA-24A8C3711CB0}) (Version: 1.00.0160 RC3 - Brockhaus)
Duden Korrektor Starterbox 3.51 (x32 Version: 1.00.0160 RC3 - Brockhaus) Hidden
EasyCash&Tax 1.55 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
EasyRide&Tax 1.3 (HKLM-x32\...\EasyRide&Tax_is1) (Version:  - tm)
ECTPlugAnlagenverzeichnis 1.5 (HKLM-x32\...\ECTPlugAnlagenverzeichnis_is1) (Version:  - wolfram)
ECTPlugJavaScriptJournal 1.03 (HKLM-x32\...\ECTPlugJavaScriptJournal_is1) (Version:  - tm)
ECTPlugWolframsJournal 1.03 (HKLM-x32\...\ECTPlugWolframsJournal_is1) (Version:  - wolfram)
Elster-Export 1.10 (HKLM-x32\...\Elster-Export Plugin für EasyCash&Tax_is1) (Version:  - tm)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
English Translator (HKLM-x32\...\English Translator) (Version:  - Translator)
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.5 - Astonsoft Ltd)
Fakturama (HKLM-x32\...\Fakturama) (Version: 1.5.0 - sebulli.com)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
G DATA ANTIVIRUS (HKLM-x32\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.1 - G DATA Software AG)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Gnumeric Spreadsheet 1.12.17-20140610 (HKCU\...\Gnumeric) (Version: 1.12.17-20140610 - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
Haufe iDesk-Browser (HKLM-x32\...\{56FDB311-6511-11DE-832F-0050560400B1}) (Version: 9.06.30.7144 - Haufe)
Haufe iDesk-Service (HKLM-x32\...\{EB5AE940-8E5D-11DE-992A-005056B12123}) (Version: 9.08.21.7460 - Haufe)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
ICE Kommunikationsmanager (HKLM-x32\...\IKom) (Version:  - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009F0}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden
Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM)
Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM)
KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lexware Info Service (HKLM-x32\...\{59624372-3B85-47f4-9B04-4911E551DF1E}) (Version: 2.61.00.0033 - Lexware GmbH & Co. KG)
Lingoes 2.8.1 (HKLM-x32\...\Lingoes Translator_is1) (Version: 2.8.1 - Lingoes Project)
Luminance HDR 2.2.0 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
MAGIX FunPix Maker 1.0.0.0 (D) (HKLM-x32\...\MAGIX FunPix Maker D) (Version: 1.0.0.0 - MAGIX AG)
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
MonKey Kassenbuch 2012, Version 9.1.2 (HKLM-x32\...\MonKey Kassenbuch 2012_is1) (Version:  - ProSaldo GmbH)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL (HKLM-x32\...\MySQL5) (Version:  - )
ncid.Net 2.14.1.0 (HKLM-x32\...\{0786323B-C2FF-4CA7-9FE1-1B50EEC6D6E8}) (Version: 2.14.1.0 - Gerhard Junker)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera Mail 1.0 (HKCU\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.197.0 - Tracker Software Products Ltd.)
Pegasus Mail HTML Renderer 2.4.7.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Pegasus Mail v4.63 Release 1, Build 325 (Deutsche Komplettversi (HKLM-x32\...\Pegasus Mail, Deutsche Komplettversion_is1) (Version:  - Tech Soft GmbH)
Personal Backup 5.3 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picturenaut 3.2 (HKLM\...\{2FAE878F-C959-4C70-9BEF-F01733D43970}) (Version: 3.2.0.1690 - Marc M.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
QuickSteuer Wissens-Center 2010 (HKLM-x32\...\{EDF80EF9-3903-4DDC-96BC-F7D863E689C4}) (Version: 16.0.1.0 - Haufe Mediengruppe)
Re/3 Import-Plugin 3.5 (HKLM-x32\...\Buchungs Plugin_is1) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH)
Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH)
Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
UK's Kalender 2.4.2 (HKLM-x32\...\UK's Kalender_is1) (Version:  - Ulrich Krebs)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.1.0226 - Lenovo)
Visitenkarten in 2 Minuten (HKLM-x32\...\Visitenkarten in 2 Minuten) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
waterMark V2 (HKLM-x32\...\waterMark V2) (Version:  - )
Web Photo Album 1.2 (HKLM-x32\...\Web Photo Album_is1) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zimbra Desktop (HKLM-x32\...\{EF9D9FAD-D31E-493B-9A6B-28D56FE4EB8F}) (Version: 2.0.0 - Zimbra)
ZusammenfassendeMeldung 1.1 (HKLM-x32\...\ZusammenfassendeMeldung_is1) (Version:  - tm)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-08-2014 07:25:11 Windows Update
20-08-2014 14:41:01 Installed TomTom HOME.
24-08-2014 08:21:01 Windows Update
24-08-2014 08:29:40 Windows Update
28-08-2014 21:13:33 Windows Update
02-09-2014 07:21:21 Windows Update
09-09-2014 09:39:34 Windows Update
11-09-2014 01:00:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066F2BF1-E96A-47A7-81C6-41A5F9CDEF83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {17321497-609D-4EFB-8EB5-ADA08980CCC8} - System32\Tasks\{04155270-E5C9-41A7-AF9E-7DCF6ADA0129} => E:\SETUP.EXE
Task: {245C8257-99F3-474F-BF08-15A1E617BF5E} - System32\Tasks\{0B031DCB-D7E0-48C7-B4AE-872BFECE82A7} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {256C1FA7-AD4E-400C-9722-5AEE73E30035} - System32\Tasks\{01EEF895-196F-4A54-8E3C-1B26C7336751} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {29414B50-7024-4435-9DC0-80032C9B2E23} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {2E607181-F23F-4211-8D88-7004B22172DB} - System32\Tasks\{4FE2D6B6-4403-4848-92AF-E4AAE7016CD5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {2F99050E-93D4-4620-9188-B4BA4B30E348} - System32\Tasks\{862A53A6-E4C8-45A6-850C-7B322028D98F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {328C46B3-3893-41B1-904A-8F7DABD0218D} - System32\Tasks\{32887CB8-15EC-4CD7-8504-F81DB180EEB8} => E:\SETUP.EXE
Task: {37ED1F1B-B737-4EAC-A653-490780F98F02} - System32\Tasks\{4422E10B-C6CA-4F6D-BFF8-D6189AF01A96} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {39313173-0F7D-4DCF-93BA-CAC9912538B5} - System32\Tasks\{8C774838-BAAE-48BE-9016-446AAF351137} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {458756C5-DEC6-489D-9C83-B32935C3737F} - System32\Tasks\{C7823A1B-7A07-4F97-AF69-E2A7BE6F14AE} => E:\SETUP.EXE
Task: {48363D53-CE1B-47A1-BE51-B90454F2E840} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4A87E9BB-5488-49CB-91B1-BE0012D42AD3} - System32\Tasks\Abelssoft\Updater scan => C:\PROGRAM FILES (X86)\CHIP UPDATER\CHIPUPDATER.EXE [2014-09-02] (CHIP)
Task: {5039E153-1C24-4F5C-A84F-C59969879EB3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {687BDDB5-7460-4ED2-887F-59DFB6A35303} - System32\Tasks\{0D2D28F1-0A82-4BF0-A0FD-37312C8ABA5E} => E:\SETUP.EXE
Task: {6A6804BE-94DA-40FD-AC85-B93223391828} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {713ECB1E-55C1-4F6E-B9FD-5454890B70E1} - System32\Tasks\{166CEC53-9FFF-4034-9DD3-9439F774AFA7} => E:\SETUP.EXE
Task: {90DE6611-24ED-48BD-9422-608E95E4A543} - System32\Tasks\{6F0C7DFF-1EAA-4DCA-90F2-78AF0754A53E} => E:\SETUP.EXE
Task: {974EB9F6-C9B8-4083-A0F0-108DE78224FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {98F3C491-228A-423B-AF59-4E3E49270733} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {9C07A631-9B12-4365-924B-3038DEB70137} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
Task: {A31AA768-B9AA-4055-8104-8242404AFC54} - System32\Tasks\{C649BD2A-DF6B-40C3-8B7D-EF259EB3E394} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {B0C65F50-9083-4AD5-AE6D-242215AC1175} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {B0F3C637-0B45-4F40-9C1F-A43AF9A1DE58} - System32\Tasks\{A714B297-6F59-43EF-857F-0859983944D2} => E:\SETUP.EXE
Task: {B3AEE9F0-0A92-4BA4-AB83-1F4FBD420E19} - System32\Tasks\{44C5079F-B6EC-40DE-9B61-8AD082B9059C} => E:\SETUP.EXE
Task: {CF44C833-D4B8-4896-A9E9-554271F4925F} - System32\Tasks\{F1231D4F-3442-4036-AAF9-956E6275E6F1} => E:\SETUP.EXE
Task: {DAF9529E-F5C8-4C5C-8152-E8C8F9638068} - System32\Tasks\{12FC0358-645F-4666-B06B-2A68997E37C5} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {DE684AE1-A48E-4E54-8909-7C2AA5540FE7} - System32\Tasks\{BCE3A580-1E1D-49AC-87AD-D4B03F4F24C2} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: {F6983E5E-BACF-4F00-80E5-83E5ECF46F37} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F8EB29E6-8CB7-4815-9F2E-C603D4DEBFE7} - System32\Tasks\{F69E41E9-2CFD-426E-8849-28DFE5EBF25F} => C:\fmp3\AQpe\AQUISA.EXE [2004-10-27] ()
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-25 09:14 - 2005-03-12 01:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-06-13 14:48 - 2010-06-17 21:56 - 00087040 _____ () C:\windows\System32\redmonnt.dll
2012-12-29 19:31 - 2012-12-29 19:31 - 04493312 _____ () C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe
2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2010-05-20 05:13 - 2009-12-19 04:52 - 00201120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-05-20 05:13 - 2009-12-19 04:53 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2010-05-20 05:15 - 2010-05-20 05:15 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-05-20 05:28 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-05-20 05:28 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-05-20 05:13 - 2009-12-19 04:52 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2010-05-20 05:13 - 2009-12-19 04:53 - 00120224 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WMCEvent.dll
2013-07-17 11:07 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-17 11:07 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-17 11:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-17 11:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-05-20 05:13 - 2009-12-19 04:50 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-05-20 05:13 - 2009-12-19 04:51 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-31 15:24 - 2012-05-31 15:24 - 00501760 ____R () C:\Program Files (x86)\ncid.Net\irrKlang.NET4.dll
2012-06-01 08:44 - 2012-06-01 08:44 - 00159744 ____R () C:\Program Files (x86)\ncid.Net\ikpflac.dll
2011-06-20 07:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-05-20 04:44 - 2009-12-23 19:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\2012_09_10_23_30 WEB.DE Statusreport - Übersicht Ihrer Ordner.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_23_19_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_26_20_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_07_00 jomondo hat neue Angebote.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_09_29_21_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_10_02_22_10 Ihr Account bei nPage.de.eml:OECustomProperty
AlternateDataStreams: C:\Users\*****\2012_11_10_21_29 testfilmbibpräsi.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Radio.fx => 2
MSCONFIG\startupreg: OMESupervisor => C:\Users\*****\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: rfxsrvtray => "D:\Tobit Radio.fx\Client\rfx-tray.exe"
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n-Netzwerkadapter
Description: Broadcom 802.11n-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2014 08:53:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 08:46:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 05:01:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/11/2014 04:59:22 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/11/2014 04:55:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/11/2014 04:55:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/11/2014 03:37:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/09/11 03:37:51.245]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/11/2014 03:37:49 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/09/11 03:37:49.745]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (09/11/2014 01:52:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 01:49:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 10:16:01 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 08:51:53 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 08:45:52 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B14E132-7FED-4E6C-9B15-0E572119254A}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/11/2014 03:46:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/11/2014 03:46:15 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (09/11/2014 03:45:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Mobile 2003-basierte Gerätekonnektivität" ist vom Dienst "Windows Mobile-basierte Geräteverbindungen" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (09/11/2014 03:45:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Mobile-basierte Geräteverbindungen" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/11/2014 03:45:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Mobile-basierte Geräteverbindungen erreicht.


Microsoft Office Sessions:
=========================
Error: (09/11/2014 08:53:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (09/11/2014 08:53:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (09/11/2014 08:46:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/11/2014 05:01:15 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (09/11/2014 04:59:22 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (09/11/2014 04:55:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (09/11/2014 04:55:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/11/2014 03:37:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/09/11 03:37:51.245]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/11/2014 03:37:49 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/09/11 03:37:49.745]: [00004016]: lperrcode->api = 1 , lperrcode->code = 2


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 72%
Total physical RAM: 1974.85 MB
Available physical RAM: 548.35 MB
Total Pagefile: 3949.7 MB
Available Pagefile: 1478.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:173.98 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:7.38 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:0.95 GB) (Free:0.78 GB) FAT
Drive g: (HDD) (Fixed) (Total:118.3 GB) (Free:66.75 GB) NTFS
Drive h: (Volume) (Fixed) (Total:170.9 GB) (Free:123.61 GB) NTFS
Drive i: (Volume) (Fixed) (Total:176.56 GB) (Free:43.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7E9D1089)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: ACE22E9E)
Partition 1: (Active) - (Size=118.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=170.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=176.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 972.5 MB) (Disk ID: EED62DCE)
Partition 1: (Not Active) - (Size=972 MB) - (Type=06)

==================== End Of Log ============================
Vielen Dank für Deine Mühe und sage schonmal Gute Nacht .

Viele Grüße
perseiden

Alt 12.09.2014, 20:04   #10
schrauber
/// the machine
/// TB-Ausbilder
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Die Funde von ESET sind nicht so wild.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\.DEFAULT\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
ProxyServer: localhost:21320

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.09.2014, 20:23   #11
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Hallo schrauber,

hier der Inhalt von Fixlog.txt:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by ***** at 2014-09-12 21:20:09 Run:1
Running from C:\Users\*****\Desktop\Trojaner entfernen-Programme
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-33822123-237600497-3884583694-1004\...\Winlogon: [Shell] C:\windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
ProxyServer: localhost:21320
         
*****************

HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-33822123-237600497-3884583694-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog ====
Danke sehr.

perseiden
Geändert von perseiden (12.09.2014 um 20:36 Uhr)

Alt 13.09.2014, 16:36   #12
schrauber
/// the machine
/// TB-Ausbilder
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.09.2014, 15:50   #13
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Hallo schrauber,

erstmal meinen allergrößten Dank und Respekt für Deine professionelle Hilfe - und Du hast mir wirklich sehr geholfen.

Einen kleinen Wermutstropfen habe ich noch und zwar sieht die Benutzeroberfläche von Secunia Personal Inspector bei mir so völlig anders aus als in eurem Beschreibungslink. Secunia hat mir außerdem viel Probleme bereitet, denn es kam immer nur auf eine score von 85%, wegen den Programmen die nicht mehr verfügbar waren, aber auch mit vorhandenen Programmen wie Windows7 (Windows-Update hatte ich vorher schon erledigt) oder OpenOffice4. Ich habe dann diese inaktiven Programme über den Punkt "Beim update nicht berücksichtigen" nacheinander aus dem oberen Bereich der Scoreliste entfernt und genau diese sieht man dann im unteren grauen Bereich dieser Liste.

OpenOffice ist vor Deiner Behandlung ;-) schon abgestürzt und jetzt danach auch wieder. Ich habe jetzt dieses Programm durch LibreOffice ersetzt und das läuft gut.

Alles in allem läuft mein laptop wieder rund :-)) und eine kleine Spende ist Dir gewiss.

Dafür habe ich seit ein paar Tagen auf meinen Ersatz-Laptop massive Probleme (bin im Außendienst und nehme ihn manchmal mit). Meine Frage ist hierzu, ob ich unter einem neuen Thread die erforderlichen log-files einstellen kann und sind das dann die gleichen, die ich auch hier zu Beginn einstellte?

LG
perseiden

PS: Ich bitte um Verständnis, denn ich bin nicht so fit am PC, aber fitter als so mancher anderer in meinem Alter (61/w) ;-)

Alt 14.09.2014, 18:33   #14
schrauber
/// the machine
/// TB-Ausbilder
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Poste einfach mal FRST Logs von der Kiste hier in den Thread
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.09.2014, 19:26   #15
perseiden
 
Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Standard

Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


Hallo schrauber,

das nenne ich mal einen Superservice und das auch noch auf einem Sonntagabend - DANKE


Kurz mein Problem:
Seit ich vor einigen Tagen versucht hatte, spywareTerminator zu deinstallieren, was leider nicht funktionierte, denn es kam die Meldung, dass eine Datei fehlen würde.
Anschließend habe ich das SpywareTerminator nochmal drüberinstalliert, in der Hoffnung, das es hilft und ich das Programm entfernen kann über Systemsteuerung/Programme entfernen.

Als zweites habe ich avira entfernt und habe anschließend avast free installiert und seitdem friert das gesamte System nach ca. 15-30 Minuten ein. Es hilft nur noch ein Ausknopf bzw. Stromweg, wobei der Einschaltknopf manchmal erst nach dem 3-4 Drücken reagiert.

Also hier die Files:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Lenovo (administrator) on LENOVO-THINK on 14-09-2014 19:35:51
Running from C:\Users\Lenovo\Desktop\ANTI-TROJANER-PROGRAMME
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\IKom\MYSQL\bin\mysqld-nt.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Crawler.com) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2774936 2014-05-13] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-14] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1969896115-1520030682-958216919-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKU\S-1-5-21-1969896115-1520030682-958216919-1000\...\MountPoints2: {51d3e246-5b74-11e1-81fe-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/deu/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKCU - {A515AF0C-2EB5-46CA-9219-553D7BD421BD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47ap7vii.default
FF NewTab: about:blank
FF Homepage: https://startpage.com/deu/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\TRACKER SOFTWARE\PDF VIEWER\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\TRACKER SOFTWARE\PDF VIEWER\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47ap7vii.default\Extensions\abs@avira.com [2014-09-04]
FF Extension: WOT - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47ap7vii.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-14]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47ap7vii.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2013-06-04]
FF Extension: NoScript - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47ap7vii.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-14]
FF Extension: Adblock Plus - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\47ap7vii.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-12]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.78\pdf.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-03-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-14] (AVAST Software)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MySQL5; C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe [4493312 2013-03-23] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148664 2012-09-07] (Crawler.com)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2012-10-12] (Windows (R) Win 7 DDK provider)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 11:51 - 2014-09-14 11:51 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-14 11:51 - 2014-09-14 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-14 11:50 - 2014-09-14 19:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 11:50 - 2014-09-14 11:51 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-14 11:50 - 2014-09-14 11:50 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-14 11:50 - 2014-09-14 11:50 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-14 11:48 - 2014-09-14 11:48 - 00001228 _____ () C:\Users\Lenovo\Desktop\Downloads - Verknüpfung.lnk
2014-09-13 15:48 - 2014-09-13 15:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 22:20 - 2014-09-12 22:20 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\AVAST Software
2014-09-12 22:18 - 2014-09-12 22:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-12 22:16 - 2014-09-12 22:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-12 22:00 - 2014-09-12 22:07 - 91906368 _____ (AVAST Software) C:\Users\Lenovo\Desktop\avast_free_antivirus_setup_9.0.2021.exe
2014-09-12 21:54 - 2014-09-12 21:54 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-11 18:11 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 18:11 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 18:11 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 18:11 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 18:11 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 18:11 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 18:11 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 18:11 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 18:11 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 18:11 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 18:11 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 18:11 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 18:11 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 18:11 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 18:11 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 18:11 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 18:11 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 18:11 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 18:11 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 18:11 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 18:11 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 18:11 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 18:11 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 18:11 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 18:11 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 18:11 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 18:11 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 18:11 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 18:11 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 18:11 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 18:11 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 18:11 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 18:11 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 18:11 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 18:11 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 18:11 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 18:11 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 18:11 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 18:11 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 18:11 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 18:11 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 18:11 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 18:11 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 18:11 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 18:11 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 18:11 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 18:11 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 18:11 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 18:11 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 18:11 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 18:11 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 18:11 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 18:11 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 18:11 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 18:11 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 18:11 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 18:04 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 18:04 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 17:45 - 2014-09-11 17:45 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\LibreOffice
2014-09-11 17:37 - 2014-09-11 17:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-09-11 17:36 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-09-11 17:18 - 2014-09-12 21:51 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-09-11 17:18 - 2014-09-12 21:51 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-11 17:18 - 2014-09-11 17:18 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Abelssoft
2014-09-11 17:18 - 2014-09-11 17:18 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Abelssoft
2014-09-11 17:18 - 2014-09-11 17:18 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-11 17:07 - 2014-09-11 17:07 - 00000911 _____ () C:\Users\Lenovo\Desktop\Downloads.lnk
2014-09-11 16:56 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 16:56 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 16:56 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 16:56 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 16:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 16:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 16:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 16:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 16:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 16:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 16:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 12:19 - 2014-09-11 12:21 - 00000000 ____D () C:\Users\Lenovo\Documents\0-SPK
2014-09-10 14:10 - 2014-09-10 14:10 - 00000830 _____ () C:\Users\Lenovo\Desktop\JRT.txt
2014-09-10 13:59 - 2014-09-10 13:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-10 13:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-10 13:46 - 2014-09-10 13:49 - 00000000 ____D () C:\AdwCleaner
2014-09-10 12:45 - 2014-09-14 19:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 12:45 - 2014-09-10 12:45 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-10 12:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-10 12:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-10 12:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-10 12:23 - 2014-09-14 19:35 - 00000000 ____D () C:\FRST
2014-09-10 12:19 - 2014-09-10 12:20 - 00000000 ____D () C:\Finanzen
2014-09-10 12:16 - 2014-09-10 22:04 - 00000000 ____D () C:\Users\Lenovo\Documents\0-Anti-Viren-Trojaner
2014-09-10 12:11 - 2014-09-14 19:35 - 00000000 ____D () C:\Users\Lenovo\Desktop\Anti-Trojaner-Programme
2014-09-10 12:11 - 2014-09-13 14:40 - 00000000 ____D () C:\Users\Lenovo\Desktop\Anti-Trojaner- Programme
2014-09-07 15:09 - 2014-09-14 12:34 - 00008644 _____ () C:\Windows\PFRO.log
2014-09-06 22:16 - 2014-09-06 22:16 - 00003122 _____ () C:\Windows\System32\Tasks\{43543847-E89D-4199-83C9-0030D8CB6F70}
2014-09-06 22:03 - 2014-09-06 22:03 - 00000000 __SHD () C:\Users\Lenovo\AppData\Local\EmieUserList
2014-09-06 22:03 - 2014-09-06 22:03 - 00000000 __SHD () C:\Users\Lenovo\AppData\Local\EmieSiteList
2014-09-06 20:48 - 2014-09-14 19:27 - 00002063 _____ () C:\Windows\setupact.log
2014-09-06 20:48 - 2014-09-06 20:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 18:30 - 2014-09-06 18:30 - 00000000 ____D () C:\Users\Lenovo\Desktop\PC
2014-09-06 18:25 - 2014-09-06 18:25 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 18:25 - 2014-09-06 18:25 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 18:25 - 2014-09-06 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 18:25 - 2014-09-06 18:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 20:20 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 20:20 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 20:20 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 14:39 - 2014-08-26 14:39 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-08-26 14:39 - 2014-08-26 14:39 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-08-26 14:39 - 2014-08-26 14:39 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-08-17 18:46 - 2014-08-17 18:46 - 01101648 _____ () C:\Users\Lenovo\Downloads\LibreOffice - CHIP-Installer.exe
2014-08-15 23:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 23:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 23:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 23:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 23:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 23:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 23:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 23:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 21:45 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 21:45 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 21:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 21:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 21:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 21:45 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 21:45 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 21:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 21:45 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 21:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 21:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 21:45 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 21:45 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 21:45 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 21:44 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 21:44 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 21:44 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 21:44 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 21:44 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 21:44 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 21:44 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 21:44 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 21:44 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 21:44 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 21:40 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 21:40 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 19:35 - 2014-09-10 12:23 - 00000000 ____D () C:\FRST
2014-09-14 19:35 - 2014-09-10 12:11 - 00000000 ____D () C:\Users\Lenovo\Desktop\Anti-Trojaner-Programme
2014-09-14 19:35 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 19:35 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 19:31 - 2012-02-20 05:42 - 01726885 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 19:29 - 2014-09-10 12:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 19:28 - 2014-09-14 11:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 19:27 - 2014-09-06 20:48 - 00002063 _____ () C:\Windows\setupact.log
2014-09-14 19:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 14:54 - 2012-05-06 19:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 12:34 - 2014-09-07 15:09 - 00008644 _____ () C:\Windows\PFRO.log
2014-09-14 11:51 - 2014-09-14 11:51 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-14 11:51 - 2014-09-14 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-14 11:51 - 2014-09-14 11:50 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-14 11:50 - 2014-09-14 11:50 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-14 11:50 - 2014-09-14 11:50 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-14 11:50 - 2014-09-14 11:50 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-14 11:48 - 2014-09-14 11:48 - 00001228 _____ () C:\Users\Lenovo\Desktop\Downloads - Verknüpfung.lnk
2014-09-14 11:22 - 2012-05-18 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 16:28 - 2014-07-22 19:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-09-13 15:49 - 2014-09-13 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-13 14:41 - 2012-03-10 16:47 - 00000000 ____D () C:\Users\Lenovo
2014-09-13 14:40 - 2014-09-10 12:11 - 00000000 ____D () C:\Users\Lenovo\Desktop\Anti-Trojaner- Programme
2014-09-13 14:40 - 2014-08-08 13:49 - 00000000 ____D () C:\Users\Lenovo\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-09-13 14:40 - 2013-03-23 18:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-13 14:40 - 2012-10-12 22:17 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-09-13 14:40 - 2012-03-24 00:14 - 00000000 ____D () C:\Users\Lenovo\Desktop\Konkret-Interviews
2014-09-13 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-13 12:58 - 2012-02-20 06:12 - 00000000 ____D () C:\swshare
2014-09-12 22:20 - 2014-09-12 22:20 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\AVAST Software
2014-09-12 22:18 - 2014-09-12 22:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-12 22:18 - 2014-09-12 22:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-12 22:07 - 2014-09-12 22:00 - 91906368 _____ (AVAST Software) C:\Users\Lenovo\Desktop\avast_free_antivirus_setup_9.0.2021.exe
2014-09-12 21:54 - 2014-09-12 21:54 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-12 21:54 - 2013-08-04 21:29 - 00000000 ____D () C:\SUCCESSCONTROL
2014-09-12 21:51 - 2014-09-11 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-09-12 21:51 - 2014-09-11 17:18 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-09-12 21:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 20:53 - 2013-09-23 23:26 - 00000000 ____D () C:\Users\Lenovo\Documents\Rezepte
2014-09-12 20:17 - 2012-06-09 20:16 - 00000000 ____D () C:\Users\Lenovo\Documents\Barbara
2014-09-12 17:12 - 2013-02-07 22:34 - 00000000 ____D () C:\Users\Lenovo\Documents\Gesundheit
2014-09-11 23:04 - 2012-02-20 14:21 - 01960882 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 23:04 - 2012-02-20 14:21 - 00553928 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 23:04 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 22:48 - 2009-07-14 06:45 - 00382728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-11 18:10 - 2013-08-04 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 18:08 - 2013-08-14 12:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 18:05 - 2012-03-13 12:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 18:04 - 2014-05-06 22:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 17:45 - 2014-09-11 17:45 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\LibreOffice
2014-09-11 17:37 - 2014-09-11 17:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-09-11 17:37 - 2014-09-11 17:36 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-09-11 17:37 - 2012-03-10 16:48 - 00093208 _____ () C:\Users\Lenovo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-11 17:18 - 2014-09-11 17:18 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Abelssoft
2014-09-11 17:18 - 2014-09-11 17:18 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Abelssoft
2014-09-11 17:18 - 2014-09-11 17:18 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-09-11 17:15 - 2013-10-05 21:34 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-11 17:07 - 2014-09-11 17:07 - 00000911 _____ () C:\Users\Lenovo\Desktop\Downloads.lnk
2014-09-11 12:28 - 2012-03-10 20:48 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\CrashDumps
2014-09-11 12:26 - 2012-12-25 14:14 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\Notepad++
2014-09-11 12:26 - 2012-12-25 14:14 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-09-11 12:21 - 2014-09-11 12:19 - 00000000 ____D () C:\Users\Lenovo\Documents\0-SPK
2014-09-10 22:04 - 2014-09-10 12:16 - 00000000 ____D () C:\Users\Lenovo\Documents\0-Anti-Viren-Trojaner
2014-09-10 22:00 - 2012-10-12 22:15 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-09-10 21:25 - 2013-01-01 20:59 - 00041984 ___SH () C:\Users\Lenovo\Thumbs.db
2014-09-10 14:10 - 2014-09-10 14:10 - 00000830 _____ () C:\Users\Lenovo\Desktop\JRT.txt
2014-09-10 13:59 - 2014-09-10 13:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-10 13:49 - 2014-09-10 13:46 - 00000000 ____D () C:\AdwCleaner
2014-09-10 13:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-10 12:45 - 2014-09-10 12:45 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 12:45 - 2014-09-10 12:45 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-10 12:20 - 2014-09-10 12:19 - 00000000 ____D () C:\Finanzen
2014-09-10 10:55 - 2012-05-06 19:25 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 10:54 - 2012-05-06 19:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 10:54 - 2012-03-27 14:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-07 20:41 - 2013-03-24 15:33 - 00000000 ____D () C:\Users\Lenovo\Documents\Technik
2014-09-07 15:48 - 2012-12-05 19:13 - 00000000 ____D () C:\Users\Lenovo\Documents\Arthur
2014-09-07 15:09 - 2012-02-20 06:17 - 00000000 ____D () C:\Program Files\Google
2014-09-07 15:09 - 2012-02-20 06:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-06 22:16 - 2014-09-06 22:16 - 00003122 _____ () C:\Windows\System32\Tasks\{43543847-E89D-4199-83C9-0030D8CB6F70}
2014-09-06 22:16 - 2013-03-19 10:24 - 00000000 ____D () C:\Program Files\IKom
2014-09-06 22:03 - 2014-09-06 22:03 - 00000000 __SHD () C:\Users\Lenovo\AppData\Local\EmieUserList
2014-09-06 22:03 - 2014-09-06 22:03 - 00000000 __SHD () C:\Users\Lenovo\AppData\Local\EmieSiteList
2014-09-06 22:03 - 2012-03-10 16:50 - 00000000 ____D () C:\Users\Lenovo\AppData\Local\Google
2014-09-06 20:48 - 2014-09-06 20:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 18:30 - 2014-09-06 18:30 - 00000000 ____D () C:\Users\Lenovo\Desktop\PC
2014-09-06 18:27 - 2012-12-29 19:50 - 00000000 ____D () C:\Users\Lenovo\AppData\Roaming\TeamViewer
2014-09-06 18:27 - 2012-06-07 22:31 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-09-06 18:27 - 2011-02-15 11:42 - 00000000 ____D () C:\Windows\Panther
2014-09-06 18:25 - 2014-09-06 18:25 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 18:25 - 2014-09-06 18:25 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 18:25 - 2014-09-06 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 18:25 - 2014-09-06 18:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-06 18:23 - 2014-07-22 20:14 - 00000000 ____D () C:\Users\Lenovo\Documents\Nord-Ost-See
2014-09-06 18:23 - 2014-02-09 12:22 - 00000000 ____D () C:\Users\Lenovo\Documents\Wohnung
2014-09-05 04:10 - 2014-09-11 16:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 16:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-30 13:53 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-29 23:16 - 2013-07-31 21:36 - 00000000 ____D () C:\Users\Lenovo\Documents\1-Haka
2014-08-28 21:18 - 2012-10-13 22:35 - 00000000 ____D () C:\Users\Lenovo\Documents\Politik
2014-08-26 14:39 - 2014-08-26 14:39 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-08-26 14:39 - 2014-08-26 14:39 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-08-26 14:39 - 2014-08-26 14:39 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 20:20 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 20:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 20:20 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:41 - 2014-08-11 20:07 - 00000000 ____D () C:\Users\Lenovo\Documents\Gaby
2014-08-19 20:05 - 2014-09-11 18:11 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 18:11 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 18:11 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 18:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 18:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 18:11 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 18:11 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 18:11 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 18:11 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 18:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 18:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 18:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 18:11 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 18:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 18:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 18:11 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 18:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 18:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 18:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 18:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 18:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 18:11 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 18:11 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 18:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 18:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 18:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 18:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 18:11 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 18:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 18:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 18:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 18:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 18:11 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 18:11 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 18:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 18:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 18:11 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 18:11 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 18:11 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 18:11 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 18:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 18:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 18:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 18:11 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 18:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 18:11 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 18:11 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-11 18:11 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-11 18:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 18:11 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 18:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 18:11 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 18:11 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 18:11 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 18:11 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 18:11 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 18:46 - 2014-08-17 18:46 - 01101648 _____ () C:\Users\Lenovo\Downloads\LibreOffice - CHIP-Installer.exe
2014-08-16 20:59 - 2013-03-27 13:35 - 00000000 ____D () C:\Users\Lenovo\Documents\1-Gewerbe
2014-08-16 19:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Lenovo\AppData\Local\Temp\avgnt.exe
C:\Users\Lenovo\AppData\Local\Temp\IKom.exe
C:\Users\Lenovo\AppData\Local\Temp\IKom_tmp.exe
C:\Users\Lenovo\AppData\Local\Temp\libmysql.dll
C:\Users\Lenovo\AppData\Local\Temp\npp.6.6.8.Installer.exe
C:\Users\Lenovo\AppData\Local\Temp\Quarantine.exe
C:\Users\Lenovo\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 16:58

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


und

FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Lenovo at 2014-09-14 19:36:58
Running from C:\Users\Lenovo\Desktop\ANTI-TROJANER-PROGRAMME
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-PDF Maker Version 1.2.0 (Build 119) (HKLM-x32\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.2.0 (Build 119) - 7-PDF, Germany - Thorsten Hodes)
7-PDF Printer 9.1.0.1456 (HKLM\...\7-PDF Printer_is1) (Version: 9.1.0.1456 - 7-PDF, Germany - Th. Hodes)
7-PDF Split & Merge Version 2.2.0 (Build 145) (HKLM-x32\...\7-PDF Split & Merge_is1) (Version: 7-PDF Split & Merge - Version 2.2.0 (Build 145) - 7-PDF, Germany - Thorsten Hodes)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AFPL Ghostscript 8.54 (HKLM-x32\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version:  - )
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CISrun (HKLM-x32\...\{0698859E-F378-4E24-9445-C8121C0E4E74}) (Version: 8.5.124 - IfaD GmbH)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
EasyCash&Tax 1.59 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
ICE Kommunikationsmanager (HKLM-x32\...\IKom) (Version:  - ICE GmbH - Softwareentwicklung)
Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.7 - Silicon Motion)
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access Runtime 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.4 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.4 (x86 de)) (Version: 17.0.4 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL (HKLM-x32\...\MySQL5) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.197.0 - Tracker Software Products Ltd.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.80 - Crawler.com)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1400 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.5 - REALTEK Semiconductor Corp.)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-09-2014 21:21:21 Windows Update
11-09-2014 15:13:47 OpenOffice 4.1.0 wird entfernt
11-09-2014 15:35:10 Installed LibreOffice 4.3.1.2
11-09-2014 16:04:21 Windows Update
12-09-2014 19:53:36 SUCCESSCONTROL CRM wird entfernt
12-09-2014 20:17:52 avast! antivirus system restore point
13-09-2014 12:36:55 Wiederherstellungsvorgang
14-09-2014 09:49:18 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {23A13F4B-B090-419B-8AEC-B5B5A57151DF} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {31F80F2B-378D-4269-9CDD-468AD9DF8B9A} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {3FA6FBD7-478D-44BF-BAB0-606A9E299EB8} - System32\Tasks\CCleanerSkipUAC => C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE [2014-08-21] (Piriform Ltd)
Task: {7F2EDBAB-B826-4E9F-A4D3-0C7D10BDC9B7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {D0CFD5EA-ADE3-47EB-81AA-D206D3EC6EE1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-14] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 05:57 - 2010-08-24 20:30 - 00047616 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-02-20 14:14 - 2011-03-24 12:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2010-02-18 00:26 - 2010-02-18 00:26 - 00173344 _____ () C:\PROGRAM FILES\THINKPAD\BLUETOOTH SOFTWARE\btkeyind.dll
2013-03-23 19:14 - 2013-03-23 19:14 - 04493312 _____ () C:\Program files\IKom\MYSQL\bin\mysqld-nt.exe
2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 _____ () C:\PROGRAM FILES (X86)\LENOVO\MESSAGE CENTER PLUS\MCPLAUNCH.EXE
2014-09-14 11:50 - 2014-09-14 11:50 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-14 12:38 - 2014-09-14 12:38 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091400\algo.dll
2014-09-14 19:28 - 2014-09-14 19:28 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll
2014-09-14 11:50 - 2014-09-14 11:50 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 07:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:57:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/14/2014 00:36:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 11:49:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary bwmcsizs.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/14/2014 11:43:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 11:24:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 04:06:42 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/13/2014 02:42:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 02:26:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 00:49:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/14/2014 07:27:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎09.‎2014 um 17:49:19 unerwartet heruntergefahren.

Error: (09/14/2014 04:08:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 04:02:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 01:29:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 01:14:39 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 01:11:39 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 01:05:38 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 00:50:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 00:44:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A1FB485F-479A-4BD4-A236-E77C46BF42DA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/14/2014 00:34:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎09.‎2014 um 12:32:50 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (09/14/2014 07:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 00:57:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (09/14/2014 00:36:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 11:49:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary bwmcsizs.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (09/14/2014 11:43:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/14/2014 11:24:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 04:06:42 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (09/13/2014 02:42:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 02:26:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 00:49:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 38%
Total physical RAM: 3892.55 MB
Available physical RAM: 2391.05 MB
Total Pagefile: 7783.28 MB
Available Pagefile: 5890.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.58 GB) (Free:396.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B777A999)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

Tausend Dank :-)

Zwischenzeitlich blieb das System wieder hängen und Malwarebytes meldet bösartige Bedrohung durch SpywareTerminatorUpdate

LG
perseiden
Geändert von perseiden (14.09.2014 um 19:50 Uhr) Grund: Nachtrag

Antwort
Seite 1 von 2 1 2

Themen zu Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF
fehlercode 0x5, fehlercode 0x89000011, gen:adware.heur.hm9@gbbj1sci, gen:adware.heur.im9@g9ql6a, kein zugriff, msil/toolbar.linkury.a, virenscanner, websites blockiert, win32/adware.adon, win32/downloadsponsor.a, win32/downloadsponsor.b, win32/installcore.d, win32/installmonetizer.af, win32/installmonetizer.aq, win32/packed.themida, win32/softonicdownloader.f, win32/toolbar.babylon.i, win32/toolbar.babylon.p, win32/toolbar.conduit.b, win32/toolbar.conduit.y, win32/toolbar.linkury.g, win32/toolbar.widgi


« Windows 7: Internet: Proxy-Server verweigert die Verbindung | System restore virus/trojaner auf meinem Pc / performance probleme & leistungsverluss »


Ähnliche Themen: Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF


  1. Win 8.1 = Trojan.Generic.12552373, Win32.Adware.OpenCandy.C, Win32.Application.SysTwak.J
    Plagegeister aller Art und deren Bekämpfung - 13.09.2015 (12)
  2. 2 Trojaner eingefangen durch E-Mail-Anhänge // Trojan-Banker.Win32.Agent.ubo und Trojan.Win32.Yakes.ghny
    Log-Analyse und Auswertung - 19.07.2015 (28)
  3. Windows 7: Viren: BrowserModifier:Win32/CouponRuc und Trojan:Win32/Peals!gfs evtl. weitere
    Log-Analyse und Auswertung - 31.01.2015 (9)
  4. ZoneArlarm scan ergab u.a. HEUR:Trojan.Win32.Generic , Trojan.Win32.Agent.aeqtk
    Log-Analyse und Auswertung - 11.02.2014 (9)
  5. Windows 8.1: Trojan:Win32/Meredrop, Trojan:Win32/Malagent, Trojan:Win32/Matsnu.L und Worm:Win32/Ainslot.A
    Log-Analyse und Auswertung - 19.01.2014 (5)
  6. Win32/openCandy + Win32.Trojan.Agent.C5K071 auf PC Win7/64bit
    Log-Analyse und Auswertung - 17.01.2014 (3)
  7. Desinfizierung durch Kaspersky nicht möglich: Trojan.Win32.Bromngr.k, HEUR:Trojan.Win32.Generic, Trojan-Downloader.Win32.MultiDL.I
    Plagegeister aller Art und deren Bekämpfung - 28.11.2013 (1)
  8. Wohl mehrere Viren: Rootkit.0Access Trojan.Zaccess Trojan.RansomP.Gen Trojan.Agent bzw. TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (13)
  9. Trojan-spy.win32 agent + system volume viren + pc abstürtze
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (4)
  10. Mehrere Viren u.a. Trojan-Dropper.Win32.FrauDrop.bdq, Trojan.Win32.Generic
    Log-Analyse und Auswertung - 13.09.2010 (5)
  11. Trojan.Win32.Agent.delx ; Trojan-Downloader.Win32.Agent.bvst; HackTool.Win32.Kiser.fb
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (3)
  12. Win32.Trojan.Agent/Win32.Worm.Autorun mit Ad-Aware unschädlich gemacht?
    Plagegeister aller Art und deren Bekämpfung - 06.08.2009 (6)
  13. Problem mit Win32:Trojan-gen und Win32:Adware-gen
    Log-Analyse und Auswertung - 03.03.2009 (0)
  14. Win32/Adware.Virtumonde - Win32/PrivacyRemover.M64 - Trojan.Zlob
    Mülltonne - 24.08.2008 (0)
  15. Win32:Trojan-gen, Win32:Rootkit-gen, Win32:Adware-gen gefunden!
    Log-Analyse und Auswertung - 14.07.2008 (1)
  16. AdWare.Win32.PluginDL und Trojan.Win32.Obfuscated.dt
    Log-Analyse und Auswertung - 05.03.2007 (1)
  17. HackTool.Win32.Hidd.c / TrojanSpy.Win32.Agent.w / Trojan-Downloader.Win32.Agent.fy
    Plagegeister aller Art und deren Bekämpfung - 21.12.2004 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF - Hallo liebes Forum, seit vielen Jahren setze ich den Virenscanner Gdata ein und hatte nie Probleme mit Trojaner etc. gehabt. Seit einiger Zeit meldete Gdata "kein Zugriff auf Web-Inhalte" und - Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF...
Archiv
Du betrachtest: Mehrere Viren gefuden: Win32.Adware.OfferMosquito.A und Win32.Trojan.Agent.KQF auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129