Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: IE verweigert zugriff und qvo6 als startseite, malware log gemacht

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.08.2013, 14:08   #1
Mannifred
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Hallo liebe community,

zuerst ich hoffe, dass ich hier im richtigen Forum gepostet habe, falls nicht tut mir leid, dies ist mein erster Post.
Nun zu meinem Problem, ich kann nach einer Installation des JDownloader nicht mehr den Internetexplorer benutzten und habe in allen Browsern qvo6 als startseite. Des Weiteren wird mir die Fehlermeldung: Internet Explorer Sicherheit : Eine Website möchte Webinhalte mithilfe dieses Programms auf diesem Computer öffnen. Name: silverlight.configuration.exe / Herausgeber: Microsoft Cooperation" Ein Klick auf Warnmeldung nicht mehr anzeigen nutzt nichts, das Fenster reagiert nicht.
Ich habe versucht mit Hand BlueStack zu deinstallieren und alle sonstigen Programme die mir verdächtig erschienen.
Da das nicht geholfen hat, habe ich mit Malwarebytes ein log erstellt und werde nun alle gefundenen Programme löschen.

Den Log habe ich als Anhang hinterlegt.

Falls ich weitere Vernänderungen bemwerke werde ich diese posten.
Edit: So nach dem löschen habe ich einen weiteren Log erhalten, der lautet:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Claudia :: CLAUDIA-PC [Administrator]

Schutz: Aktiviert

21.08.2013 12:25:46
mbam-log-2013-08-21 (12-25-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 567699
Laufzeit: 2 Stunde(n), 17 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> 1692 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Datamngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WSYSSVC (PUP.Optional.Esafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0M1S1H1K2U -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Daten: C:\ProgramData\eSafe\eGdpSvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 7
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ann-Cathrin\Downloads\FlashPlayer_V.19082606c.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ann-Cathrin\Downloads\iLividSetup (1).exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ann-Cathrin\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Temp\is357113909\cor_ar_2013729172639_qvo6.exe (PUP.Optional.Elex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\eIntaller\20843ACBEC6D43f9AE6AF526917B1AB0\eGdpSvc.exe (PUP.Optional.ESafe.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\Desktop\PhotoScape_V3.6.3.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\AutoKMS\AutoKMS.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\Dealply\UpdateProc\STTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claudia\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Liebe Grüße
Angehängte Dateien
Dateityp: txt MBAM-log-2013-08-21 (15-01-10).txt (8,1 KB, 152x aufgerufen)

Geändert von Mannifred (21.08.2013 um 14:11 Uhr) Grund: neuer log

Alt 21.08.2013, 14:12   #2
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Hallo,

mach bitte einen FRST-Scan:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 21.08.2013, 14:35   #3
Mannifred
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Vielen Dank für die antwort hier das Ergebnis:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013
Ran by Claudia (administrator) on 21-08-2013 15:34:09
Running from C:\Users\Claudia\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\Windows\system32\lxdvcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SafeNet, Inc.) C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(SafeNet, Inc.) C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
() C:\Program Files (x86)\USIM Editor\iconcs151118.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [7060848 2012-09-14] (O&O Software GmbH)
HKLM\...\Run: [SACMonitor] - C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe [2183312 2012-04-16] (SafeNet, Inc.)
HKLM\...\Run: [lxdvmon.exe] - C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2009-07-07] ()
HKLM\...\Run: [lxdvamon] - C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2009-07-07] ()
Winlogon\Notify\ScCertProp: 
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [GoogleChromeAutoLaunch_8FBDDE0DA8112CBEB0980C32BED10A6B] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-25] (Google Inc.)
HKCU\...\Run: [AROReminder] - C:\Program Files (x86)\ARO 2013\ARO.exe [3157336 2013-07-03] (Support.com, Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Claudia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-07] (Spotify Ltd)
MountPoints2: {bd0ade7f-eb1b-11e1-97fc-806e6f6e6963} - E:\Launch.exe
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation)
HKLM-x32\...\Run: [USBestCR] - C:\Program Files (x86)\USIM Editor\iconcs151118.exe [7041024 2010-07-02] ()
HKLM-x32\...\Run: [Lexmark X5400 Series] - C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe [307880 2009-07-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [x]
HKU\Ann-Cathrin\...\Run: [Spotify] - C:\Users\Ann-Cathrin\AppData\Roaming\Spotify\Spotify.exe [7880664 2012-11-05] (Spotify Ltd)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
AppInit_DLLs:      [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
ShortcutTarget: Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{87CCB9C0-55B9-4110-884F-A6CB0927EF50}\DefragIcon.exe ()
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

ProxyServer: 62.240.30.201:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} -  No File
URLSearchHook: (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default
FF user.js: detected! => C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\user.js
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/0069a354ac565dc1ee7d001b9c7ea218/proxy.pac"
FF NetworkProxy: "http", "77.94.48.5"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.247.119.128"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: admin - C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

Chrome: 
=======
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Proxy SwitchySharp) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.10.2_0
CHR Extension: (Invite All) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih\1.25_0
CHR Extension: (Foxy Proxy Standard) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_0
CHR Extension: (Skype Click to Call) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Premiumize.me) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm\0.0.16_0
CHR HKLM-x32\...\Chrome\Extension: [ejnmnhkgiphcaeefbaooconkceehicfi] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S3 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
S3 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
S3 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-11-30] (DATA BECKER GmbH & Co KG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLHUK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2552176 2012-09-14] (O&O Software GmbH)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SACSrv; C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe [10384 2012-04-16] (SafeNet, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-05-04] (ITE                      )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-21 15:29 - 2013-08-21 15:30 - 00039967 _____ C:\Users\Claudia\Downloads\Addition.txt
2013-08-21 15:28 - 2013-08-21 15:28 - 01576164 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64.exe
2013-08-21 15:28 - 2013-08-21 15:28 - 00000000 ____D C:\FRST
2013-08-21 12:24 - 2013-08-21 12:24 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 12:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-21 12:22 - 2013-08-21 12:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Claudia\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Users\Claudia\AppData\Local\{816270E0-A8BC-4CD4-B9B8-2C067E81216D}
2013-08-20 11:38 - 2013-08-20 11:38 - 00281216 _____ C:\Windows\Minidump\082013-16957-01.dmp
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\Claudia\AppData\Local\{5EFEF317-3D79-43A4-BCB9-32385D239DEF}
2013-08-19 16:28 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\.appwork
2013-08-18 23:33 - 2013-08-18 23:33 - 00019267 _____ C:\AdwCleaner[R2].txt
2013-08-18 23:31 - 2013-08-18 23:31 - 00019206 _____ C:\AdwCleaner[R1].txt
2013-08-18 21:49 - 2013-08-18 21:49 - 00000000 ____D C:\Users\Claudia\AppData\Local\{019AD6AB-35F1-47C1-8711-B0EB43A520AC}
2013-08-17 18:39 - 2013-08-20 11:38 - 558789146 _____ C:\Windows\MEMORY.DMP
2013-08-17 18:39 - 2013-08-20 11:38 - 00000000 ____D C:\Windows\Minidump
2013-08-17 18:39 - 2013-08-17 18:40 - 00282752 _____ C:\Windows\Minidump\081713-22573-01.dmp
2013-08-17 17:11 - 2013-08-17 18:30 - 00025180 _____ C:\Users\Claudia\Documents\NL Rechnung 13a-13 Engel.xlsx
2013-08-17 17:10 - 2013-08-17 18:30 - 00025395 _____ C:\Users\Claudia\Documents\NL Vertrag 13a-13 Engel.xlsx
2013-08-17 16:41 - 2013-08-17 16:42 - 00000000 ____D C:\Users\Claudia\AppData\Local\{37F86E81-D05F-4A0D-B071-46DAB2C49730}
2013-08-17 12:17 - 2013-08-17 12:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FD6400F-6FA3-4BA8-81BB-99073C11C2F9}
2013-08-17 00:08 - 2013-08-17 00:08 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DivX
2013-08-16 23:46 - 2013-08-16 23:46 - 00000057 _____ C:\Users\Claudia\AppData\Roaming\WB.CFG
2013-08-16 23:46 - 2013-08-16 23:46 - 00000005 _____ C:\Users\Claudia\AppData\Roaming\WBPU-TTL.DAT
2013-08-16 22:48 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\AppData\Local\JDownloader v2.0
2013-08-16 22:48 - 2013-08-16 22:48 - 00001621 _____ C:\Users\Claudia\Desktop\DivX Movies.lnk
2013-08-16 22:47 - 2013-08-21 14:43 - 00000000 ____D C:\ProgramData\eSafe
2013-08-16 22:47 - 2013-08-18 23:09 - 00000000 ____D C:\Program Files\DivX
2013-08-16 22:47 - 2013-08-16 22:47 - 00077976 _____ (AppWork GmbH) C:\Users\Claudia\Downloads\WebInstallerJD2 (1).exe
2013-08-16 22:46 - 2013-08-18 23:09 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-16 22:46 - 2013-08-17 18:46 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-16 22:46 - 2013-08-16 22:46 - 00077976 _____ (AppWork GmbH) C:\Users\Claudia\Downloads\WebInstallerJD2.exe
2013-08-16 22:46 - 2013-08-16 22:46 - 00003242 _____ C:\Windows\System32\Tasks\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Local\DealPlyLive
2013-08-16 22:45 - 2013-08-18 23:10 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-08-16 22:45 - 2013-08-18 23:10 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-16 22:45 - 2013-08-18 23:09 - 00000000 ____D C:\ProgramData\DivX
2013-08-16 22:45 - 2013-08-17 18:45 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-08-16 22:45 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\LavFilters
2013-08-16 22:45 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\CDXReader
2013-08-16 22:45 - 2013-08-16 22:45 - 00003246 _____ C:\Windows\System32\Tasks\Dealply
2013-08-16 22:45 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\eIntaller
2013-08-16 22:44 - 2013-08-16 22:44 - 00705136 _____ C:\Users\Claudia\Downloads\UltimateCodec.exe
2013-08-15 13:59 - 2013-08-15 13:59 - 00000000 ____D C:\Users\Claudia\AppData\Local\{44B396B5-9123-4B39-9E11-44FF1E79134D}
2013-08-15 03:14 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:14 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:14 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:14 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:14 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:14 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:14 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:14 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:14 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:14 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:14 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:14 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 01:55 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 01:55 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 01:55 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 01:55 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 01:55 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 01:55 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 01:55 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 01:55 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 01:55 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 01:55 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 01:55 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 01:55 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 01:55 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 01:55 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 01:55 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 01:55 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 01:55 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 01:55 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 01:39 - 2013-08-15 01:40 - 00000000 ____D C:\Users\Claudia\AppData\Local\{2CA96D2A-1BFB-4196-B126-0EE2165BAB9A}
2013-08-13 19:48 - 2013-08-13 20:13 - 00025054 _____ C:\Users\Claudia\Documents\NL Rechnung 12b-13 Kimpel.xlsx
2013-08-13 19:42 - 2013-08-13 19:49 - 00025457 _____ C:\Users\Claudia\Documents\NL Vertrag 12b-13 Kimpel.xlsx
2013-08-13 11:14 - 2013-08-13 11:15 - 00000000 ____D C:\Users\Claudia\AppData\Local\{82973E3F-6240-4B81-BC37-1417A16052FF}
2013-08-12 14:00 - 2013-08-12 14:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\{DE792B33-8CE0-4A05-9DD9-4A6ABB905EF9}
2013-08-12 01:36 - 2013-08-12 01:36 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0201EF51-EEEA-4A34-94AD-8DA43A63376E}
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A95081BB-4BC9-4669-B635-0F87778C062A}
2013-08-12 01:20 - 2013-08-12 01:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A2BF7023-3BB6-4E6B-8F91-39633E1559B6}
2013-08-11 13:32 - 2013-08-16 22:47 - 00001381 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-11 13:32 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-11 13:27 - 2013-08-11 13:28 - 21703480 _____ (Mozilla) C:\Users\Claudia\Firefox_Setup_22.0.exe
2013-08-11 13:20 - 2013-08-11 13:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FCE37B1-405B-4471-9FBC-69DE4511873C}
2013-08-10 04:14 - 2013-08-10 04:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9ED53E98-03FD-47EE-9B8C-4D939DDE3EC9}
2013-08-09 12:26 - 2013-08-09 12:26 - 00000000 ____D C:\Users\Claudia\AppData\Local\{032F903D-503D-4261-8814-FA319C18EED0}
2013-08-08 23:06 - 2013-08-08 23:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8E9A6808-043F-4BA7-95CE-8153597CFC7A}
2013-08-07 16:29 - 2013-08-07 16:29 - 00000000 ____D C:\Users\Claudia\AppData\Local\{ED3532DE-4C52-479F-AF97-2AA7440647E3}
2013-08-07 15:28 - 2013-08-07 15:34 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\EurekaLog
2013-08-07 14:16 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 14:09 - 2013-08-07 14:09 - 01067192 _____ (Solid State Networks) C:\Users\Claudia\Downloads\install_flashplayer11x32axau_mssd_aaa_aih.exe
2013-08-07 13:00 - 2013-08-07 13:00 - 00000936 _____ C:\Users\Claudia\Desktop\Evernote.lnk
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\Evernote
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-07 12:56 - 2013-08-07 12:58 - 55080288 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Claudia\Downloads\Evernote_4.6.7.8409.exe
2013-08-06 20:29 - 2013-08-06 20:31 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-08-06 20:29 - 2013-08-06 20:29 - 00000868 _____ C:\Users\Public\Desktop\CyberGhost VPN.lnk
2013-08-06 20:29 - 2011-12-15 20:29 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2013-08-06 20:28 - 2013-08-06 20:28 - 12792880 _____ (CyberGhost S.R.L.                                           ) C:\Users\Claudia\Downloads\CGWebInstall-de.exe
2013-08-05 16:58 - 2013-08-05 16:58 - 00000000 ____D C:\Users\Claudia\AppData\Local\{54350525-DE3E-403E-913C-9F7126687766}
2013-08-04 21:40 - 2013-08-04 21:40 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 21:35 - 2013-08-04 21:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0B91E2E0-6BF9-4238-9FB5-9BA627AF63FF}
2013-08-02 23:02 - 2013-08-02 23:02 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F83FEF0F-8939-4EF7-A286-771FA1652DF0}
2013-07-31 19:24 - 2013-07-31 19:25 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9849D5D8-D4BE-4E0C-9FE5-63CD0F06623B}
2013-07-31 18:09 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A83CE4E2-4CD0-443B-98FD-C3AA74EC66E9}
2013-07-31 17:57 - 2013-07-31 17:57 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F12BE577-A2BC-4E52-98EB-269E40A0FECB}
2013-07-30 09:52 - 2013-07-30 09:52 - 00000000 ____D C:\Users\Claudia\AppData\Local\{87A79A53-18E5-4E6B-AE7E-B598CB5C8925}
2013-07-30 09:50 - 2013-07-30 09:50 - 00001306 _____ C:\Users\Claudia\Desktop\Clean Registry for Free!.lnk
2013-07-29 19:07 - 2013-07-29 19:07 - 00000000 ____D C:\Users\Claudia\AppData\Local\{94CD8D6F-AB63-44C2-B9FD-86B50E63A387}
2013-07-27 15:35 - 2013-07-27 15:36 - 00000000 ____D C:\Users\Claudia\AppData\Local\{827B5947-D8D2-4C2A-B7BC-8D85AE0744B9}
2013-07-27 15:07 - 2013-07-27 15:07 - 00001162 _____ C:\Users\Claudia\Desktop\Get Live PC Help Now.lnk
2013-07-27 15:07 - 2013-07-27 15:07 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\X5400 Series
2013-07-27 14:57 - 2013-07-27 14:57 - 00000000 ____D C:\Program Files\SafeNet
2013-07-27 14:56 - 2013-07-27 14:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-27 14:55 - 2013-07-27 14:55 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-27 14:54 - 2013-07-27 14:57 - 00000000 ____D C:\Program Files (x86)\HUK Dienstprogramme
2013-07-27 14:53 - 2013-07-27 14:53 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-24 17:20 - 2013-07-24 17:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{27C569CC-1C77-4DF1-B826-587B0246A496}
2013-07-23 19:42 - 2013-07-23 19:42 - 00000000 ____D C:\Users\Claudia\AppData\Local\{93071BFB-7A8D-4C25-929B-76F79D8FCB84}
2013-07-23 17:53 - 2013-07-23 17:53 - 00000178 _____ C:\lxct.log
2013-07-23 17:51 - 2013-07-23 17:51 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0A303421-691C-4B2E-BED5-D3DAEA622F24}
2013-07-23 15:05 - 2013-07-23 15:06 - 80481712 _____ C:\Users\Claudia\Downloads\cjs5400EN (2).exe
2013-07-23 13:52 - 2009-04-17 10:17 - 00045568 _____ C:\Windows\system32\LXDVPMON.DLL
2013-07-23 13:52 - 2009-04-17 10:17 - 00014336 _____ C:\Windows\system32\LXDVFXPU.DLL
2013-07-23 13:51 - 2013-07-23 17:53 - 00083086 _____ C:\Windows\system32\LexFiles.ulf
2013-07-23 13:51 - 2013-07-23 13:52 - 00000000 ____D C:\Program Files\Lexmark X5400 Series
2013-07-23 13:51 - 2013-07-23 13:52 - 00000000 ____D C:\Program Files (x86)\Lexmark X5400 Series
2013-07-23 13:51 - 2013-07-23 13:51 - 00001080 _____ C:\Users\Public\Desktop\Lexmark Productivity Studio - X5400 Series.LNK
2013-07-23 13:51 - 2013-07-23 13:51 - 00000000 ____D C:\ProgramData\X5400 Series
2013-07-23 13:51 - 2009-04-17 10:17 - 00003584 _____ () C:\Windows\system32\LXDVPMRC.DLL
2013-07-23 13:51 - 2007-10-18 16:54 - 01044136 _____ ( ) C:\Windows\system32\lxdvcoms.exe
2013-07-23 13:51 - 2007-10-18 16:54 - 00602792 _____ ( ) C:\Windows\system32\lxdvcfg.exe
2013-07-23 13:51 - 2007-10-18 16:54 - 00519336 _____ ( ) C:\Windows\system32\lxdvih.exe
2013-07-23 13:51 - 2007-10-18 16:53 - 00594600 _____ ( ) C:\Windows\SysWOW64\lxdvcoms.exe
2013-07-23 13:51 - 2007-10-18 16:53 - 00365224 _____ ( ) C:\Windows\SysWOW64\lxdvcfg.exe
2013-07-23 13:51 - 2007-10-18 16:53 - 00320168 _____ ( ) C:\Windows\SysWOW64\lxdvih.exe
2013-07-23 13:51 - 2007-10-18 16:44 - 00002030 _____ C:\Windows\SysWOW64\lxdv.loc
2013-07-23 13:51 - 2007-10-18 16:44 - 00002030 _____ C:\Windows\system32\lxdv.loc
2013-07-23 13:51 - 2007-10-17 18:27 - 01201182 _____ C:\Windows\SysWOW64\LXDVhelp.chm
2013-07-23 13:51 - 2007-10-17 18:27 - 01201182 _____ C:\Windows\system32\LXDVhelp.chm
2013-07-23 13:51 - 2007-10-09 04:07 - 00090624 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvinsr.dll
2013-07-23 13:51 - 2007-10-09 04:07 - 00022528 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvcur.dll
2013-07-23 13:51 - 2007-10-09 04:05 - 00129024 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvjswr.dll
2013-07-23 13:51 - 2007-10-09 04:02 - 00183808 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvinsb.dll
2013-07-23 13:51 - 2007-10-09 04:02 - 00073216 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvcub.dll
2013-07-23 13:51 - 2007-10-09 04:01 - 00235520 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvins.dll
2013-07-23 13:51 - 2007-10-09 04:01 - 00102400 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvcu.dll
2013-07-23 13:51 - 2007-10-09 04:00 - 00715264 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdvutil.dll
2013-07-23 13:51 - 2007-10-09 03:59 - 00299520 _____ () C:\Windows\system32\lxdvgrd.dll
2013-07-23 13:51 - 2007-10-09 02:39 - 00106496 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvinsr.dll
2013-07-23 13:51 - 2007-10-09 02:39 - 00036864 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvcur.dll
2013-07-23 13:51 - 2007-10-09 02:38 - 00143360 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvjswr.dll
2013-07-23 13:51 - 2007-10-09 02:37 - 00200704 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvinsb.dll
2013-07-23 13:51 - 2007-10-09 02:37 - 00090112 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvcub.dll
2013-07-23 13:51 - 2007-10-09 02:36 - 00176128 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvins.dll
2013-07-23 13:51 - 2007-10-09 02:36 - 00077824 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvcu.dll
2013-07-23 13:51 - 2007-10-09 02:35 - 00503808 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxdvutil.dll
2013-07-23 13:51 - 2007-09-20 16:39 - 00977408 _____ ( ) C:\Windows\system32\lxdvpmui.dll
2013-07-23 13:51 - 2007-09-20 16:36 - 01661952 _____ ( ) C:\Windows\system32\lxdvserv.dll
2013-07-23 13:51 - 2007-09-20 16:33 - 00885248 _____ ( ) C:\Windows\system32\lxdvlmpm.dll
2013-07-23 13:51 - 2007-09-20 16:33 - 00562688 _____ ( ) C:\Windows\system32\lxdvcomm.dll
2013-07-23 13:51 - 2007-09-20 16:33 - 00510464 _____ ( ) C:\Windows\system32\lxdviesc.dll
2013-07-23 13:51 - 2007-09-20 16:32 - 01502720 _____ ( ) C:\Windows\system32\lxdvusb1.dll
2013-07-23 13:51 - 2007-09-20 16:32 - 01070592 _____ ( ) C:\Windows\system32\lxdvhbn3.dll
2013-07-23 13:51 - 2007-09-20 16:31 - 01472512 _____ ( ) C:\Windows\system32\lxdvcomc.dll
2013-07-23 13:51 - 2007-09-20 16:30 - 00047104 _____ ( ) C:\Windows\system32\lxdvprox.dll
2013-07-23 13:51 - 2007-09-20 16:28 - 00671744 _____ ( ) C:\Windows\system32\LXDVhcp.dll
2013-07-23 13:51 - 2007-09-20 16:28 - 00541696 _____ ( ) C:\Windows\system32\lxdvinpa.dll
2013-07-23 13:51 - 2007-09-20 16:28 - 00524800 _____ C:\Windows\system32\LXDVinst.dll
2013-07-23 13:51 - 2007-09-20 16:12 - 00643072 _____ ( ) C:\Windows\SysWOW64\lxdvpmui.dll
2013-07-23 13:51 - 2007-09-20 16:09 - 01069056 _____ ( ) C:\Windows\SysWOW64\lxdvserv.dll
2013-07-23 13:51 - 2007-09-20 16:06 - 00569344 _____ ( ) C:\Windows\SysWOW64\lxdvlmpm.dll
2013-07-23 13:51 - 2007-09-20 16:06 - 00364544 _____ ( ) C:\Windows\SysWOW64\lxdvcomm.dll
2013-07-23 13:51 - 2007-09-20 16:06 - 00339968 _____ ( ) C:\Windows\SysWOW64\lxdviesc.dll
2013-07-23 13:51 - 2007-09-20 16:05 - 00663552 _____ ( ) C:\Windows\SysWOW64\lxdvhbn3.dll
2013-07-23 13:51 - 2007-09-20 16:04 - 00954368 _____ ( ) C:\Windows\SysWOW64\lxdvusb1.dll
2013-07-23 13:51 - 2007-09-20 16:04 - 00851968 _____ ( ) C:\Windows\SysWOW64\lxdvcomc.dll
2013-07-23 13:51 - 2007-09-20 16:02 - 00053248 _____ ( ) C:\Windows\SysWOW64\lxdvprox.dll
2013-07-23 13:51 - 2007-09-20 16:01 - 00360448 _____ ( ) C:\Windows\SysWOW64\lxdvinpa.dll
2013-07-23 13:51 - 2007-09-20 16:01 - 00348160 _____ C:\Windows\SysWOW64\LXDVinst.dll
2013-07-23 13:51 - 2007-08-14 03:17 - 00069632 _____ () C:\Windows\system32\lxdvoem.dll
2013-07-23 13:51 - 2007-08-10 00:35 - 00065536 _____ (Lexmark International) C:\Windows\system32\LXDVcfg.dll
2013-07-23 13:51 - 2007-08-10 00:33 - 00077906 _____ (Lexmark International) C:\Windows\SysWOW64\LXDVcfg.dll
2013-07-23 13:51 - 2007-07-18 07:45 - 00983121 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lxdvgf.dll
2013-07-23 13:51 - 2007-07-18 07:45 - 00983121 _____ (Microsoft Corporation) C:\Windows\system32\lxdvgf.dll
2013-07-23 13:51 - 2007-05-28 22:37 - 00385024 _____ () C:\Windows\SysWOW64\lxdvcomx.dll
2013-07-23 13:51 - 2007-01-22 05:53 - 00126976 _____ (Lexmark International Inc.) C:\Windows\SysWOW64\lxdvlnks.dll
2013-07-23 13:22 - 2013-07-23 13:22 - 00000000 ____D C:\lexmark
2013-07-23 13:12 - 2013-07-23 13:12 - 00001076 _____ C:\Users\Claudia\Desktop\Check PC For Errors.lnk
2013-07-23 13:12 - 2013-07-23 13:12 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Sammsoft
2013-07-23 13:12 - 2013-07-23 13:12 - 00000000 ____D C:\ProgramData\APN
2013-07-23 13:12 - 2013-07-23 13:12 - 00000000 ____D C:\Program Files (x86)\ARO 2013
2013-07-23 13:12 - 2013-06-06 22:41 - 00489392 _____ (Ask Partner Network) C:\Users\Claudia\Documents\APNSetup.exe
2013-07-23 13:01 - 2013-07-23 13:01 - 80481712 _____ C:\Users\Claudia\Downloads\cjs5400EN (1).exe
2013-07-23 13:00 - 2013-07-23 13:00 - 80481712 _____ C:\Users\Claudia\Downloads\cjs5400EN.exe
2013-07-23 10:36 - 2013-08-15 03:08 - 00000000 ____D C:\Windows\system32\MRT
2013-07-22 17:20 - 2013-07-22 17:20 - 01067192 _____ (Solid State Networks) C:\Users\Claudia\Downloads\install_flashplayer11x32axau_mssa_aaa_aih (2).exe
2013-07-22 16:34 - 2013-07-27 14:57 - 00000000 ____D C:\Program Files (x86)\HUK-COBURG
2013-07-22 16:12 - 2013-07-22 16:12 - 00001004 _____ C:\Users\Claudia\Desktop\Fachinformationen HUK 12-10.lnk
2013-07-22 16:05 - 2013-07-22 16:10 - 00000000 ____D C:\Program Files (x86)\Fachinformationen HUK
2013-07-22 15:08 - 2013-07-22 15:08 - 00000000 ____D C:\Users\Claudia\AppData\Local\{1FEADBA0-C2AF-41B0-822B-478AC02D9786}
2013-07-22 15:06 - 2013-08-21 15:15 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-07-22 15:06 - 2013-08-21 10:32 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS

==================== One Month Modified Files and Folders =======

2013-08-21 15:32 - 2009-07-14 06:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 15:32 - 2009-07-14 06:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 15:30 - 2013-08-21 15:30 - 00039967 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-08-21 15:30 - 2013-08-21 15:29 - 00039967 _____ C:\Users\Claudia\Downloads\Addition.txt
2013-08-21 15:28 - 2013-08-21 15:28 - 01576164 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64.exe
2013-08-21 15:28 - 2013-08-21 15:28 - 00000000 ____D C:\FRST
2013-08-21 15:20 - 2012-08-20 16:12 - 01943388 _____ C:\Windows\WindowsUpdate.log
2013-08-21 15:18 - 2012-08-20 16:29 - 00000000 ____D C:\Users\Claudia\Documents\Youcam
2013-08-21 15:16 - 2012-08-20 16:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-21 15:15 - 2013-07-22 15:06 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-21 15:15 - 2013-04-11 13:29 - 00012012 _____ C:\Windows\setupact.log
2013-08-21 15:15 - 2012-12-24 21:57 - 00257936 _____ C:\Windows\system32\oodbs.lor
2013-08-21 15:15 - 2010-11-21 05:47 - 00123788 _____ C:\Windows\PFRO.log
2013-08-21 15:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 15:13 - 2012-09-13 16:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 15:12 - 2013-05-20 13:03 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Spotify
2013-08-21 15:08 - 2012-12-24 18:43 - 00000000 ____D C:\Windows\AutoKMS
2013-08-21 14:56 - 2012-08-20 16:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-21 14:43 - 2013-08-16 22:47 - 00000000 ____D C:\ProgramData\eSafe
2013-08-21 14:14 - 2013-05-20 13:03 - 00000000 ____D C:\Users\Claudia\AppData\Local\Spotify
2013-08-21 13:30 - 2012-02-21 20:50 - 00754682 _____ C:\Windows\system32\perfh007.dat
2013-08-21 13:30 - 2012-02-21 20:50 - 00172382 _____ C:\Windows\system32\perfc007.dat
2013-08-21 13:30 - 2009-07-14 07:13 - 01763064 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 12:24 - 2013-08-21 12:24 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 12:22 - 2013-08-21 12:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Claudia\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-21 10:40 - 2013-07-16 22:11 - 00000452 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-08-21 10:32 - 2013-07-22 15:06 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-21 00:16 - 2012-12-24 18:43 - 00151552 _____ C:\Windows\KMSEmulator.exe
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Users\Claudia\AppData\Local\{816270E0-A8BC-4CD4-B9B8-2C067E81216D}
2013-08-20 11:38 - 2013-08-20 11:38 - 00281216 _____ C:\Windows\Minidump\082013-16957-01.dmp
2013-08-20 11:38 - 2013-08-17 18:39 - 558789146 _____ C:\Windows\MEMORY.DMP
2013-08-20 11:38 - 2013-08-17 18:39 - 00000000 ____D C:\Windows\Minidump
2013-08-19 20:10 - 2013-01-09 20:13 - 00066133 _____ C:\Users\Public\Documents\Konto Postbank.xlsx
2013-08-19 20:10 - 2013-01-08 18:39 - 00023558 _____ C:\Users\Public\Documents\NL Buchhaltung 2013.xlsx
2013-08-19 20:10 - 2013-01-08 17:39 - 00084480 _____ C:\Users\Public\Documents\NL Nebenkosten.xls
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\Claudia\AppData\Local\{5EFEF317-3D79-43A4-BCB9-32385D239DEF}
2013-08-19 16:28 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\.appwork
2013-08-19 16:28 - 2013-08-16 22:48 - 00000000 ____D C:\Users\Claudia\AppData\Local\JDownloader v2.0
2013-08-19 16:28 - 2012-08-20 16:23 - 00000000 ____D C:\Users\Claudia
2013-08-19 02:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 23:33 - 2013-08-18 23:33 - 00019267 _____ C:\AdwCleaner[R2].txt
2013-08-18 23:31 - 2013-08-18 23:31 - 00019206 _____ C:\AdwCleaner[R1].txt
2013-08-18 23:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-18 23:10 - 2013-08-16 22:45 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-08-18 23:10 - 2013-08-16 22:45 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-18 23:09 - 2013-08-16 22:47 - 00000000 ____D C:\Program Files\DivX
2013-08-18 23:09 - 2013-08-16 22:46 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-18 23:09 - 2013-08-16 22:45 - 00000000 ____D C:\ProgramData\DivX
2013-08-18 21:49 - 2013-08-18 21:49 - 00000000 ____D C:\Users\Claudia\AppData\Local\{019AD6AB-35F1-47C1-8711-B0EB43A520AC}
2013-08-18 00:16 - 2012-09-14 20:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\vlc
2013-08-17 18:46 - 2013-08-16 22:46 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-17 18:45 - 2013-08-16 22:45 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-08-17 18:40 - 2013-08-17 18:39 - 00282752 _____ C:\Windows\Minidump\081713-22573-01.dmp
2013-08-17 18:30 - 2013-08-17 17:11 - 00025180 _____ C:\Users\Claudia\Documents\NL Rechnung 13a-13 Engel.xlsx
2013-08-17 18:30 - 2013-08-17 17:10 - 00025395 _____ C:\Users\Claudia\Documents\NL Vertrag 13a-13 Engel.xlsx
2013-08-17 16:42 - 2013-08-17 16:41 - 00000000 ____D C:\Users\Claudia\AppData\Local\{37F86E81-D05F-4A0D-B071-46DAB2C49730}
2013-08-17 12:38 - 2009-07-14 06:45 - 00582304 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 12:17 - 2013-08-17 12:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FD6400F-6FA3-4BA8-81BB-99073C11C2F9}
2013-08-17 12:17 - 2012-08-20 16:25 - 00161392 _____ C:\Users\Claudia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-17 00:08 - 2013-08-17 00:08 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DivX
2013-08-16 23:46 - 2013-08-16 23:46 - 00000057 _____ C:\Users\Claudia\AppData\Roaming\WB.CFG
2013-08-16 23:46 - 2013-08-16 23:46 - 00000005 _____ C:\Users\Claudia\AppData\Roaming\WBPU-TTL.DAT
2013-08-16 22:48 - 2013-08-16 22:48 - 00001621 _____ C:\Users\Claudia\Desktop\DivX Movies.lnk
2013-08-16 22:47 - 2013-08-16 22:47 - 00077976 _____ (AppWork GmbH) C:\Users\Claudia\Downloads\WebInstallerJD2 (1).exe
2013-08-16 22:47 - 2013-08-11 13:32 - 00001381 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-16 22:47 - 2013-04-06 12:12 - 00002413 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-16 22:47 - 2012-08-20 16:24 - 00001667 _____ C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-16 22:47 - 2012-08-20 16:24 - 00001633 _____ C:\Users\Claudia\Desktop\Internet Explorer (64-bit).lnk
2013-08-16 22:46 - 2013-08-16 22:46 - 00077976 _____ (AppWork GmbH) C:\Users\Claudia\Downloads\WebInstallerJD2.exe
2013-08-16 22:46 - 2013-08-16 22:46 - 00003242 _____ C:\Windows\System32\Tasks\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Local\DealPlyLive
2013-08-16 22:46 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\LavFilters
2013-08-16 22:46 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\CDXReader
2013-08-16 22:45 - 2013-08-16 22:45 - 00003246 _____ C:\Windows\System32\Tasks\Dealply
2013-08-16 22:45 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\eIntaller
2013-08-16 22:44 - 2013-08-16 22:44 - 00705136 _____ C:\Users\Claudia\Downloads\UltimateCodec.exe
2013-08-15 13:59 - 2013-08-15 13:59 - 00000000 ____D C:\Users\Claudia\AppData\Local\{44B396B5-9123-4B39-9E11-44FF1E79134D}
2013-08-15 03:08 - 2013-07-23 10:36 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:01 - 2012-02-21 21:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 01:40 - 2013-08-15 01:39 - 00000000 ____D C:\Users\Claudia\AppData\Local\{2CA96D2A-1BFB-4196-B126-0EE2165BAB9A}
2013-08-13 20:13 - 2013-08-13 19:48 - 00025054 _____ C:\Users\Claudia\Documents\NL Rechnung 12b-13 Kimpel.xlsx
2013-08-13 19:49 - 2013-08-13 19:42 - 00025457 _____ C:\Users\Claudia\Documents\NL Vertrag 12b-13 Kimpel.xlsx
2013-08-13 11:15 - 2013-08-13 11:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{82973E3F-6240-4B81-BC37-1417A16052FF}
2013-08-12 20:01 - 2013-01-08 17:36 - 00104448 _____ C:\Users\Public\Documents\NL ABN 2010 2009 2008 2007.xls
2013-08-12 14:00 - 2013-08-12 14:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\{DE792B33-8CE0-4A05-9DD9-4A6ABB905EF9}
2013-08-12 01:36 - 2013-08-12 01:36 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0201EF51-EEEA-4A34-94AD-8DA43A63376E}
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A95081BB-4BC9-4669-B635-0F87778C062A}
2013-08-12 01:20 - 2013-08-12 01:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A2BF7023-3BB6-4E6B-8F91-39633E1559B6}
2013-08-11 13:32 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-11 13:32 - 2013-08-07 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-11 13:28 - 2013-08-11 13:27 - 21703480 _____ (Mozilla) C:\Users\Claudia\Firefox_Setup_22.0.exe
2013-08-11 13:20 - 2013-08-11 13:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FCE37B1-405B-4471-9FBC-69DE4511873C}
2013-08-10 04:14 - 2013-08-10 04:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9ED53E98-03FD-47EE-9B8C-4D939DDE3EC9}
2013-08-09 13:54 - 2013-04-06 16:21 - 00025287 _____ C:\Users\Public\Documents\NL Rechnung 09a-13 Schäfer.lsx.xlsx
2013-08-09 12:26 - 2013-08-09 12:26 - 00000000 ____D C:\Users\Claudia\AppData\Local\{032F903D-503D-4261-8814-FA319C18EED0}
2013-08-08 23:06 - 2013-08-08 23:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8E9A6808-043F-4BA7-95CE-8153597CFC7A}
2013-08-07 16:29 - 2013-08-07 16:29 - 00000000 ____D C:\Users\Claudia\AppData\Local\{ED3532DE-4C52-479F-AF97-2AA7440647E3}
2013-08-07 15:34 - 2013-08-07 15:28 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\EurekaLog
2013-08-07 14:09 - 2013-08-07 14:09 - 01067192 _____ (Solid State Networks) C:\Users\Claudia\Downloads\install_flashplayer11x32axau_mssd_aaa_aih.exe
2013-08-07 13:01 - 2012-08-20 16:24 - 00000000 ___RD C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-07 13:00 - 2013-08-07 13:00 - 00000936 _____ C:\Users\Claudia\Desktop\Evernote.lnk
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\Evernote
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-07 12:58 - 2013-08-07 12:56 - 55080288 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Claudia\Downloads\Evernote_4.6.7.8409.exe
2013-08-06 20:31 - 2013-08-06 20:29 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-08-06 20:29 - 2013-08-06 20:29 - 00000868 _____ C:\Users\Public\Desktop\CyberGhost VPN.lnk
2013-08-06 20:28 - 2013-08-06 20:28 - 12792880 _____ (CyberGhost S.R.L.                                           ) C:\Users\Claudia\Downloads\CGWebInstall-de.exe
2013-08-05 16:58 - 2013-08-05 16:58 - 00000000 ____D C:\Users\Claudia\AppData\Local\{54350525-DE3E-403E-913C-9F7126687766}
2013-08-04 21:40 - 2013-08-04 21:40 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 21:40 - 2012-08-20 16:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-04 21:35 - 2013-08-04 21:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0B91E2E0-6BF9-4238-9FB5-9BA627AF63FF}
2013-08-02 23:02 - 2013-08-02 23:02 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F83FEF0F-8939-4EF7-A286-771FA1652DF0}
2013-07-31 19:25 - 2013-07-31 19:24 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9849D5D8-D4BE-4E0C-9FE5-63CD0F06623B}
2013-07-31 18:09 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A83CE4E2-4CD0-443B-98FD-C3AA74EC66E9}
2013-07-31 17:57 - 2013-07-31 17:57 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F12BE577-A2BC-4E52-98EB-269E40A0FECB}
2013-07-30 09:52 - 2013-07-30 09:52 - 00000000 ____D C:\Users\Claudia\AppData\Local\{87A79A53-18E5-4E6B-AE7E-B598CB5C8925}
2013-07-30 09:50 - 2013-07-30 09:50 - 00001306 _____ C:\Users\Claudia\Desktop\Clean Registry for Free!.lnk
2013-07-29 19:07 - 2013-07-29 19:07 - 00000000 ____D C:\Users\Claudia\AppData\Local\{94CD8D6F-AB63-44C2-B9FD-86B50E63A387}
2013-07-27 15:36 - 2013-07-27 15:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{827B5947-D8D2-4C2A-B7BC-8D85AE0744B9}
2013-07-27 15:07 - 2013-07-27 15:07 - 00001162 _____ C:\Users\Claudia\Desktop\Get Live PC Help Now.lnk
2013-07-27 15:07 - 2013-07-27 15:07 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\X5400 Series
2013-07-27 14:57 - 2013-07-27 14:57 - 00000000 ____D C:\Program Files\SafeNet
2013-07-27 14:57 - 2013-07-27 14:54 - 00000000 ____D C:\Program Files (x86)\HUK Dienstprogramme
2013-07-27 14:57 - 2013-07-22 16:34 - 00000000 ____D C:\Program Files (x86)\HUK-COBURG
2013-07-27 14:56 - 2013-07-27 14:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-27 14:56 - 2012-02-21 23:33 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-27 14:56 - 2012-02-21 23:33 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-27 14:56 - 2012-02-21 23:33 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-27 14:56 - 2012-02-21 23:33 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-27 14:56 - 2012-02-21 23:33 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-27 14:56 - 2012-02-21 23:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-27 14:55 - 2013-07-27 14:55 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-27 14:55 - 2012-02-21 23:31 - 00000000 ____D C:\ProgramData\Adobe
2013-07-27 14:55 - 2012-02-21 23:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-27 14:53 - 2013-07-27 14:53 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-26 07:13 - 2013-08-15 03:14 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 03:14 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 03:14 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 03:14 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 03:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 03:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 03:14 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 03:14 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 03:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 03:14 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 03:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 03:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 03:14 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 03:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-15 01:55 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-15 01:55 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 17:20 - 2013-07-24 17:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{27C569CC-1C77-4DF1-B826-587B0246A496}
2013-07-23 19:42 - 2013-07-23 19:42 - 00000000 ____D C:\Users\Claudia\AppData\Local\{93071BFB-7A8D-4C25-929B-76F79D8FCB84}
2013-07-23 17:53 - 2013-07-23 17:53 - 00000178 _____ C:\lxct.log
2013-07-23 17:53 - 2013-07-23 13:51 - 00083086 _____ C:\Windows\system32\LexFiles.ulf
2013-07-23 17:51 - 2013-07-23 17:51 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0A303421-691C-4B2E-BED5-D3DAEA622F24}
2013-07-23 15:06 - 2013-07-23 15:05 - 80481712 _____ C:\Users\Claudia\Downloads\cjs5400EN (2).exe
2013-07-23 13:52 - 2013-07-23 13:51 - 00000000 ____D C:\Program Files\Lexmark X5400 Series
2013-07-23 13:52 - 2013-07-23 13:51 - 00000000 ____D C:\Program Files (x86)\Lexmark X5400 Series
2013-07-23 13:51 - 2013-07-23 13:51 - 00001080 _____ C:\Users\Public\Desktop\Lexmark Productivity Studio - X5400 Series.LNK
2013-07-23 13:51 - 2013-07-23 13:51 - 00000000 ____D C:\ProgramData\X5400 Series
2013-07-23 13:22 - 2013-07-23 13:22 - 00000000 ____D C:\lexmark
2013-07-23 13:12 - 2013-07-23 13:12 - 00001076 _____ C:\Users\Claudia\Desktop\Check PC For Errors.lnk
2013-07-23 13:12 - 2013-07-23 13:12 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Sammsoft
2013-07-23 13:12 - 2013-07-23 13:12 - 00000000 ____D C:\ProgramData\APN
2013-07-23 13:12 - 2013-07-23 13:12 - 00000000 ____D C:\Program Files (x86)\ARO 2013
2013-07-23 13:01 - 2013-07-23 13:01 - 80481712 _____ C:\Users\Claudia\Downloads\cjs5400EN (1).exe
2013-07-23 13:00 - 2013-07-23 13:00 - 80481712 _____ C:\Users\Claudia\Downloads\cjs5400EN.exe
2013-07-22 18:01 - 2012-08-20 16:15 - 00000000 ____D C:\Program Files\Google
2013-07-22 17:59 - 2013-07-16 21:58 - 00002050 _____ C:\Users\Public\Desktop\Vertriebsportal 2.lnk
2013-07-22 17:59 - 2013-05-17 16:40 - 00001304 _____ C:\Users\Public\Desktop\NetViewer.lnk
2013-07-22 17:42 - 2012-09-27 12:55 - 00000000 ____D C:\Users\Claudia\AppData\Local\Conduit
2013-07-22 17:42 - 2012-08-20 17:01 - 00000000 ____D C:\Users\Claudia\AppData\Local\Google
2013-07-22 17:20 - 2013-07-22 17:20 - 01067192 _____ (Solid State Networks) C:\Users\Claudia\Downloads\install_flashplayer11x32axau_mssa_aaa_aih (2).exe
2013-07-22 16:12 - 2013-07-22 16:12 - 00001004 _____ C:\Users\Claudia\Desktop\Fachinformationen HUK 12-10.lnk
2013-07-22 16:10 - 2013-07-22 16:05 - 00000000 ____D C:\Program Files (x86)\Fachinformationen HUK
2013-07-22 15:08 - 2013-07-22 15:08 - 00000000 ____D C:\Users\Claudia\AppData\Local\{1FEADBA0-C2AF-41B0-822B-478AC02D9786}

Files to move or delete:
====================
C:\Users\Claudia\Firefox_Setup_22.0.exe
C:\Users\Claudia\googleupdatesetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-13 15:45

==================== End Of Log ============================
         
--- --- ---


addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013
Ran by Claudia at 2013-08-21 15:29:47
Running from C:\Users\Claudia\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 2013 (Version: 8.0)
7-Zip 4.31 (x32)
abgx360 v1.0.6 (x32)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
ALDI SÜD Mah Jong (x32)
AMI VR-pulse OS Switcher (Version: 1.1)
ArcSoft ShowBiz (x32 Version: )
Ashampoo Burning Studio (x32 Version: 10.0.10)
Ashampoo Photo Commander (x32 Version: 9.2.0)
Ashampoo Photo Optimizer (x32 Version: 4.0.0)
Ashampoo Snap (x32 Version: 4.3.0)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Biet-O-Matic v2.14.12 (x32 Version: 2.14.12)
Biet-O-Matic v2.14.8 (x32 Version: 2.14.8)
Bing Bar (x32 Version: 6.3.2291.0)
Bing Bar Platform (x32 Version: 6.3.2291.0)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.0.2052)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.2052)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
CorelDRAW Essentials X5 - Common (x32 Version: 15.3)
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3)
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3)
CorelDRAW Essentials X5 - DE (x32 Version: 15.3)
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3)
CorelDRAW Essentials X5 - EN (x32 Version: 15.3)
CorelDRAW Essentials X5 - ES (x32 Version: 15.3)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0)
CorelDRAW Essentials X5 - Extra Content (x32)
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3)
CorelDRAW Essentials X5 - FR (x32 Version: 15.3)
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3)
CorelDRAW Essentials X5 - IT (x32 Version: 15.3)
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3)
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0)
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3)
CorelDRAW Essentials X5 - WT (x32 Version: 15.3)
CorelDRAW Essentials X5 (x32 Version: 15.2.0.686)
CorelDRAW Essentials X5 (x32 Version: 15.3)
CyberGhost VPN
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229)
CyberLink MediaShow (x32 Version: 5.1.2414a)
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430)
CyberLink PhotoNow (x32 Version: 1.1.7717)
CyberLink Power2Go (x32 Version: 7.0.0.1327)
CyberLink PowerDirector (Version: 9.0.0.3621)
CyberLink PowerDirector (x32 Version: 9.0.0.3621)
CyberLink PowerDVD 10 (x32 Version: 10.0.3622.02)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink WaveEditor (x32 Version: 1.0.1.3320)
CyberLink YouCam 5 (x32 Version: 5.0.1402)
D3DX10 (x32 Version: 15.4.2368.0902)
DATA BECKER web to date 6.0 (x32 Version: 6.0.0.2120)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DivX-Setup (x32 Version: 2.6.1.8)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11)
Easy note taker 3.0 (x32 Version: 3.0.1.0)
eTokenEnroll (x32 Version: 3.0.0)
eTokenPasswd (x32 Version: 4.0.0)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
Fachinformationen HUK (x32 Version: 19.0.0.0)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.95)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet 6500 E710a-f Hilfe (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.006.003)
HUK-COBURG Angebotssoftware VISonline (x32 Version: 11.8.1)
HUK-COBURG Infrastruktur (x32 Version: 4.3.0)
HUK-COBURG Vertriebsportal 2 (x32 Version: 4.2.2)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
inSSIDer (x32 Version: 2.1.6)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.0.0.0083)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Intel(R) WiDi (x32 Version: 3.0.12.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0708)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
IT9130 Driver v12.2.3.1 (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 45 (x32 Version: 6.0.450)
Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KODAK Create@Home Software (für dm) (x32 Version: 7.3.4392)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Lexmark X5400 Series
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marketsplash Schnellzugriffe (x32 Version: 1.0.1.7)
Medion Home Cinema (x32 Version: 8.0.3216)
Memeo Instant Backup (x32 Version: 4.60.0.7943)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Mathematics (64-Bit) (Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLHUK) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MTEXT Library (x32 Version: 1.0.1)
myMugle (x32 Version: 3.0.0.0)
MyScript Notes Lite (x32 Version: 2.2.0.0)
Nvu 1.0 (x32 Version: 1.0)
O&O Defrag Professional (Version: 16.0.139)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PCSUITE SHREDDER (x32)
PHotkey (x32 Version: 1.00.0055)
PhotoScape (x32)
PlayMemories Home (x32 Version: 7.0.00.11271)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6586)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
SafeNet Authentication Client 8.1 SP2 (Version: 8.1.425.0)
SafeNet Authentication Manager Client 8.2 (Version: 8.2.158)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.107)
Sony Image Data Suite (x32 Version: 3.2.00.15160)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (Version: 22.50.231.0)
Synaptics Pointing Device Driver (Version: 16.0.0.3)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
USB Video/Audio Device Driver (x32 Version: 1.00.0000)
USIM Editor 1.0.33.0 (x32)
VIS Aktualisierung (x32 Version: 2.4.0)
VISonline Diagnose (x32 Version: 2.0.1)
VLC media player 2.0.2 (Version: 2.0.2)
VTP Aktualisierung (x32 Version: 2.5.0)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

18-08-2013 21:18:03 Removed BlueStacks Notification Center

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {042F05B3-219D-411D-9D38-D5C54740E4BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {183F8C73-8574-4E3F-8D32-BDA5C03C02D1} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-02-02] (CyberLink Corp.)
Task: {50BD9D21-C30C-437B-A460-0E2AB16400D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {873C8439-219E-44BF-B1E5-F948CE689A61} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {AFE7638D-BB1D-4B7A-8285-6F833AFEA9F6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {B8FAAC43-4B35-461E-B04F-137F46175715} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B966F1C8-429B-473E-B3F8-1B329B19E5E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {BEE4B44A-2A17-419B-92E2-BB099BDB954E} - System32\Tasks\Dealply => C:\Users\Claudia\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File
Task: {C5CB5BAE-B1AF-43FA-AEA7-F60CF32BB868} - System32\Tasks\DSite => C:\Users\Claudia\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {D1952CCA-8991-4BFC-BCC2-3942659F889F} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {E468D4C2-BDC8-4301-A946-0D3AF20684DA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Claudia\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DSite.job => C:\Users\Claudia\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2013 03:16:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 03:15:42 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/21/2013 10:40:22 AM) (Source: System.ServiceModel 4.0.0.0) (User: Claudia-PC)
Description: Der WMI-Anbieter wurde nicht registriert.

WMI-Objekt: System.ServiceModel.Administration.WbemProvider/27028566

Fehler:80041003

Prozessname: VTP

Prozess-ID: 7928

Error: (08/21/2013 10:36:47 AM) (Source: System.ServiceModel 4.0.0.0) (User: Claudia-PC)
Description: Der WMI-Anbieter wurde nicht registriert.

WMI-Objekt: System.ServiceModel.Administration.WbemProvider/50567052

Fehler:80041003

Prozessname: VTP

Prozess-ID: 7036

Error: (08/21/2013 00:15:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:14:58 AM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/20/2013 10:57:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 10:57:20 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/20/2013 10:20:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 10:20:31 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


System errors:
=============
Error: (08/21/2013 03:17:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/21/2013 03:17:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (08/21/2013 03:17:22 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/21/2013 03:15:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/21/2013 10:33:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel® Centrino® Wireless Bluetooth® + High Speed Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/21/2013 10:33:34 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel® Centrino® Wireless Bluetooth® + High Speed Service erreicht.

Error: (08/21/2013 10:32:28 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/21/2013 00:15:25 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde mit folgendem Fehler beendet: 
%%-2147196306

Error: (08/21/2013 00:14:30 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/21/2013 00:14:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (08/21/2013 03:16:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 03:15:42 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/21/2013 10:40:22 AM) (Source: System.ServiceModel 4.0.0.0)(User: Claudia-PC)
Description: System.ServiceModel.Administration.WbemProvider/2702856680041003VTP7928

Error: (08/21/2013 10:36:47 AM) (Source: System.ServiceModel 4.0.0.0)(User: Claudia-PC)
Description: System.ServiceModel.Administration.WbemProvider/5056705280041003VTP7036

Error: (08/21/2013 00:15:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:14:58 AM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/20/2013 10:57:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 10:57:20 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/20/2013 10:20:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2013 10:20:31 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3990.47 MB
Available physical RAM: 1952.05 MB
Total Pagefile: 7979.12 MB
Available Pagefile: 5201.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:455.48 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:20.37 GB) NTFS
Drive e: (VTP2 4.2.1) (CDROM) (Total:2.83 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 83488348)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 869010AE)
Partition 1: (Not Active) - (Size=963 MB) - (Type=06)

==================== End Of Log ============================
         
__________________

Alt 21.08.2013, 14:39   #4
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Hi,

ich hab bei der ersten schnelle Durchsicht der Logs gesehen, dass du unsaubere Software nutzt. Das unterstützen wir nicht: http://www.trojaner-board.de/95394-c...-software.html

Wenn ich dir helfen soll, dann deinstalliere und entferne jetzt zuerst restlos alle illegale Software (Cracks, Keygens, etc.). Sobald alles weg ist, können wir loslegen. Sollte ich im weiteren Verlauf aber trotz dieser Warnung nochmals sowas sehen, ist Schluss.

Gib mir Bescheid, sobald es hier weiter geht.
__________________
cheers,
Leo

Alt 26.08.2013, 15:08   #5
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

__________________
cheers,
Leo

Alt 28.08.2013, 01:52   #6
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
--> IE verweigert zugriff und qvo6 als startseite, malware log gemacht

Alt 29.08.2013, 16:14   #7
Mannifred
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



So habe jetzt office deinstalliert und 2 neue logs:

frst.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Claudia (administrator) on 29-08-2013 17:01:56
Running from C:\Users\Claudia\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\Windows\system32\lxdvcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(SafeNet, Inc.) C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\USIM Editor\iconcs151118.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost VPN\Service.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [7060848 2012-09-14] (O&O Software GmbH)
HKLM\...\Run: [SACMonitor] - C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe [2183312 2012-04-16] (SafeNet, Inc.)
HKLM\...\Run: [lxdvmon.exe] - C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2009-07-07] ()
HKLM\...\Run: [lxdvamon] - C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2009-07-07] ()
Winlogon\Notify\ScCertProp: 
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [GoogleChromeAutoLaunch_8FBDDE0DA8112CBEB0980C32BED10A6B] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288 2013-07-25] (Google Inc.)
HKCU\...\Run: [AROReminder] - C:\Program Files (x86)\ARO 2013\ARO.exe [3157336 2013-07-03] (Support.com, Inc.)
MountPoints2: {bd0ade7f-eb1b-11e1-97fc-806e6f6e6963} - E:\Launch.exe
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation)
HKLM-x32\...\Run: [USBestCR] - C:\Program Files (x86)\USIM Editor\iconcs151118.exe [7041024 2010-07-02] ()
HKLM-x32\...\Run: [Lexmark X5400 Series] - C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe [307880 2009-07-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKU\Ann-Cathrin\...\Run: [Spotify] - C:\Users\Ann-Cathrin\AppData\Roaming\Spotify\Spotify.exe [7880664 2012-11-05] (Spotify Ltd)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
AppInit_DLLs:      [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk
ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{87CCB9C0-55B9-4110-884F-A6CB0927EF50}\DefragIcon.exe ()
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600.lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

ProxyServer: 62.240.30.201:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} -  No File
URLSearchHook: (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=484&systemid=406&sr=0&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default
FF user.js: detected! => C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\user.js
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/0069a354ac565dc1ee7d001b9c7ea218/proxy.pac"
FF NetworkProxy: "http", "77.94.48.5"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.247.119.128"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: admin - C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

Chrome: 
=======
CHR HomePage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
CHR RestoreOnStartup: "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Proxy SwitchySharp) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.10.2_0
CHR Extension: (Invite All) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih\1.25_0
CHR Extension: (Foxy Proxy Standard) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.8_0
CHR Extension: (Skype Click to Call) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Premiumize.me) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm\0.0.16_0
CHR HKLM-x32\...\Chrome\Extension: [ejnmnhkgiphcaeefbaooconkceehicfi] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CGVPNCliService; C:\Program Files\CyberGhost VPN\Service.exe [26088 2013-07-22] (CyberGhost S.R.L)
S3 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
S3 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
S3 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-11-30] (DATA BECKER GmbH & Co KG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLHUK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2552176 2012-09-14] (O&O Software GmbH)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SACSrv; C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe [10384 2012-04-16] (SafeNet, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-05-04] (ITE                      )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 16:01 - 2013-08-29 16:01 - 00002562 _____ C:\Windows\diagwrn.xml
2013-08-29 16:01 - 2013-08-29 16:01 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-29 15:44 - 2013-08-29 15:59 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00001903 _____ C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00001873 _____ C:\Users\Claudia\Desktop\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-08-29 13:34 - 2013-08-29 13:34 - 00000000 ____D C:\Users\Claudia\AppData\Local\{017DAB33-F4B4-42C5-87AA-01E167B5C9C2}
2013-08-28 19:23 - 2013-08-28 19:23 - 00068018 _____ C:\Users\Claudia\Documents\Konto Postbank (Automatisch gespeichert).xlsx
2013-08-28 19:18 - 2013-08-28 19:18 - 00280824 _____ C:\Windows\Minidump\082813-13790-01.dmp
2013-08-28 19:13 - 2013-08-28 19:13 - 00280824 _____ C:\Windows\Minidump\082813-14040-01.dmp
2013-08-28 19:09 - 2013-08-28 19:09 - 00281872 _____ C:\Windows\Minidump\082813-14071-01.dmp
2013-08-28 17:57 - 2013-08-28 17:57 - 00000165 ____H C:\Users\Public\Documents\~$Konto Postbank.xlsx
2013-08-28 16:22 - 2013-08-28 16:22 - 00281664 _____ C:\Windows\Minidump\082813-15256-01.dmp
2013-08-28 16:16 - 2013-08-28 16:17 - 00283952 _____ C:\Windows\Minidump\082813-15444-01.dmp
2013-08-28 16:04 - 2013-08-28 16:04 - 00281680 _____ C:\Windows\Minidump\082813-27190-01.dmp
2013-08-28 16:00 - 2013-08-28 16:00 - 00282072 _____ C:\Windows\Minidump\082813-16988-01.dmp
2013-08-28 15:54 - 2013-08-28 15:54 - 00284864 _____ C:\Windows\Minidump\082813-26847-01.dmp
2013-08-28 15:26 - 2013-08-28 15:27 - 00281400 _____ C:\Windows\Minidump\082813-19312-01.dmp
2013-08-28 15:22 - 2013-08-28 15:23 - 00284864 _____ C:\Windows\Minidump\082813-21060-01.dmp
2013-08-28 15:05 - 2013-08-28 15:05 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6600
2013-08-28 15:04 - 2013-08-28 15:04 - 00002120 _____ C:\Users\Public\Desktop\HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001832 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001128 _____ C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
2013-08-28 15:04 - 2011-09-09 16:22 - 00778088 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5D12.dll
2013-08-28 14:35 - 2013-08-28 14:35 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-28 11:05 - 2013-08-28 11:07 - 00000000 ____D C:\Users\Claudia\AppData\Local\{254F66FC-933F-42D9-82D7-BD11A5C2FF0D}
2013-08-27 11:16 - 2013-08-27 11:18 - 00000000 ____D C:\Users\Claudia\AppData\Local\{31CB6FFC-C371-4AD8-8E15-B3118E59A42C}
2013-08-26 13:36 - 2013-08-26 13:36 - 00284864 _____ C:\Windows\Minidump\082613-13587-01.dmp
2013-08-26 11:35 - 2013-08-26 11:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{B1D647E1-143B-4CAE-BE32-52029DCF3E88}
2013-08-25 13:06 - 2013-08-25 13:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0C9945AC-2DFB-47A4-B9CC-C8867F2AD61B}
2013-08-24 14:31 - 2013-08-24 14:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\CyberGhost
2013-08-24 14:30 - 2013-08-24 14:31 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-08-24 14:26 - 2013-08-24 14:30 - 00001750 _____ C:\Users\Claudia\Desktop\CyberGhost VPN.lnk
2013-08-24 13:54 - 2013-08-24 13:56 - 00000000 ____D C:\Program Files\TAP-Windows
2013-08-21 23:17 - 2013-08-21 23:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{838C924C-C305-49D7-B501-DD7D2E147824}
2013-08-21 15:30 - 2013-08-21 15:30 - 00039967 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-08-21 15:28 - 2013-08-21 15:28 - 00000000 ____D C:\FRST
2013-08-21 12:24 - 2013-08-21 12:24 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 12:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Users\Claudia\AppData\Local\{816270E0-A8BC-4CD4-B9B8-2C067E81216D}
2013-08-20 11:38 - 2013-08-20 11:38 - 00281216 _____ C:\Windows\Minidump\082013-16957-01.dmp
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\Claudia\AppData\Local\{5EFEF317-3D79-43A4-BCB9-32385D239DEF}
2013-08-19 16:28 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\.appwork
2013-08-18 23:33 - 2013-08-18 23:33 - 00019267 _____ C:\AdwCleaner[R2].txt
2013-08-18 23:31 - 2013-08-18 23:31 - 00019206 _____ C:\AdwCleaner[R1].txt
2013-08-18 21:49 - 2013-08-18 21:49 - 00000000 ____D C:\Users\Claudia\AppData\Local\{019AD6AB-35F1-47C1-8711-B0EB43A520AC}
2013-08-17 18:39 - 2013-08-28 19:18 - 598225044 _____ C:\Windows\MEMORY.DMP
2013-08-17 18:39 - 2013-08-28 19:18 - 00000000 ____D C:\Windows\Minidump
2013-08-17 18:39 - 2013-08-17 18:40 - 00282752 _____ C:\Windows\Minidump\081713-22573-01.dmp
2013-08-17 17:11 - 2013-08-17 18:30 - 00025180 _____ C:\Users\Claudia\Documents\NL Rechnung 13a-13 Engel.xlsx
2013-08-17 17:10 - 2013-08-17 18:30 - 00025395 _____ C:\Users\Claudia\Documents\NL Vertrag 13a-13 Engel.xlsx
2013-08-17 16:41 - 2013-08-17 16:42 - 00000000 ____D C:\Users\Claudia\AppData\Local\{37F86E81-D05F-4A0D-B071-46DAB2C49730}
2013-08-17 12:17 - 2013-08-17 12:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FD6400F-6FA3-4BA8-81BB-99073C11C2F9}
2013-08-17 00:08 - 2013-08-17 00:08 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DivX
2013-08-16 23:46 - 2013-08-16 23:46 - 00000057 _____ C:\Users\Claudia\AppData\Roaming\WB.CFG
2013-08-16 23:46 - 2013-08-16 23:46 - 00000005 _____ C:\Users\Claudia\AppData\Roaming\WBPU-TTL.DAT
2013-08-16 22:48 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\AppData\Local\JDownloader v2.0
2013-08-16 22:48 - 2013-08-16 22:48 - 00001621 _____ C:\Users\Claudia\Desktop\DivX Movies.lnk
2013-08-16 22:47 - 2013-08-21 15:36 - 00000000 ____D C:\ProgramData\eSafe
2013-08-16 22:47 - 2013-08-18 23:09 - 00000000 ____D C:\Program Files\DivX
2013-08-16 22:46 - 2013-08-18 23:09 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-16 22:46 - 2013-08-17 18:46 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-16 22:46 - 2013-08-16 22:46 - 00003242 _____ C:\Windows\System32\Tasks\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Local\DealPlyLive
2013-08-16 22:45 - 2013-08-18 23:10 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-08-16 22:45 - 2013-08-18 23:10 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-16 22:45 - 2013-08-18 23:09 - 00000000 ____D C:\ProgramData\DivX
2013-08-16 22:45 - 2013-08-17 18:45 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-08-16 22:45 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\LavFilters
2013-08-16 22:45 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\CDXReader
2013-08-16 22:45 - 2013-08-16 22:45 - 00003246 _____ C:\Windows\System32\Tasks\Dealply
2013-08-16 22:45 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\eIntaller
2013-08-15 13:59 - 2013-08-15 13:59 - 00000000 ____D C:\Users\Claudia\AppData\Local\{44B396B5-9123-4B39-9E11-44FF1E79134D}
2013-08-15 03:14 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:14 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:14 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:14 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:14 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:14 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:14 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:14 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:14 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:14 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:14 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:14 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 01:55 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 01:55 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 01:55 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 01:55 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 01:55 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 01:55 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 01:55 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 01:55 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 01:55 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 01:55 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 01:55 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 01:55 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 01:55 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 01:55 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 01:55 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 01:55 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 01:55 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 01:55 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 01:39 - 2013-08-15 01:40 - 00000000 ____D C:\Users\Claudia\AppData\Local\{2CA96D2A-1BFB-4196-B126-0EE2165BAB9A}
2013-08-13 19:48 - 2013-08-13 20:13 - 00025054 _____ C:\Users\Claudia\Documents\NL Rechnung 12b-13 Kimpel.xlsx
2013-08-13 19:42 - 2013-08-13 19:49 - 00025457 _____ C:\Users\Claudia\Documents\NL Vertrag 12b-13 Kimpel.xlsx
2013-08-13 11:14 - 2013-08-13 11:15 - 00000000 ____D C:\Users\Claudia\AppData\Local\{82973E3F-6240-4B81-BC37-1417A16052FF}
2013-08-12 14:00 - 2013-08-12 14:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\{DE792B33-8CE0-4A05-9DD9-4A6ABB905EF9}
2013-08-12 01:36 - 2013-08-12 01:36 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0201EF51-EEEA-4A34-94AD-8DA43A63376E}
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A95081BB-4BC9-4669-B635-0F87778C062A}
2013-08-12 01:20 - 2013-08-12 01:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A2BF7023-3BB6-4E6B-8F91-39633E1559B6}
2013-08-11 13:32 - 2013-08-16 22:47 - 00001381 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-11 13:32 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-11 13:27 - 2013-08-11 13:28 - 21703480 _____ (Mozilla) C:\Users\Claudia\Firefox_Setup_22.0.exe
2013-08-11 13:20 - 2013-08-11 13:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FCE37B1-405B-4471-9FBC-69DE4511873C}
2013-08-10 04:14 - 2013-08-10 04:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9ED53E98-03FD-47EE-9B8C-4D939DDE3EC9}
2013-08-09 12:26 - 2013-08-09 12:26 - 00000000 ____D C:\Users\Claudia\AppData\Local\{032F903D-503D-4261-8814-FA319C18EED0}
2013-08-08 23:06 - 2013-08-08 23:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8E9A6808-043F-4BA7-95CE-8153597CFC7A}
2013-08-07 16:29 - 2013-08-07 16:29 - 00000000 ____D C:\Users\Claudia\AppData\Local\{ED3532DE-4C52-479F-AF97-2AA7440647E3}
2013-08-07 15:28 - 2013-08-07 15:34 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\EurekaLog
2013-08-07 14:16 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 13:00 - 2013-08-07 13:00 - 00000936 _____ C:\Users\Claudia\Desktop\Evernote.lnk
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\Evernote
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-05 16:58 - 2013-08-05 16:58 - 00000000 ____D C:\Users\Claudia\AppData\Local\{54350525-DE3E-403E-913C-9F7126687766}
2013-08-04 21:40 - 2013-08-04 21:40 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 21:35 - 2013-08-04 21:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0B91E2E0-6BF9-4238-9FB5-9BA627AF63FF}
2013-08-02 23:02 - 2013-08-02 23:02 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F83FEF0F-8939-4EF7-A286-771FA1652DF0}
2013-07-31 19:24 - 2013-07-31 19:25 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9849D5D8-D4BE-4E0C-9FE5-63CD0F06623B}
2013-07-31 18:09 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A83CE4E2-4CD0-443B-98FD-C3AA74EC66E9}
2013-07-31 17:57 - 2013-07-31 17:57 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F12BE577-A2BC-4E52-98EB-269E40A0FECB}
2013-07-30 09:52 - 2013-07-30 09:52 - 00000000 ____D C:\Users\Claudia\AppData\Local\{87A79A53-18E5-4E6B-AE7E-B598CB5C8925}
2013-07-30 09:50 - 2013-07-30 09:50 - 00001306 _____ C:\Users\Claudia\Desktop\Clean Registry for Free!.lnk

==================== One Month Modified Files and Folders =======

2013-08-29 17:01 - 2012-08-26 11:33 - 00000000 ____D C:\Users\Claudia\Downloads\Programme
2013-08-29 17:00 - 2013-08-29 17:00 - 01579080 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64.exe
2013-08-29 17:00 - 2013-05-20 22:20 - 00000000 ____D C:\Users\Claudia\Desktop\JDownloader2BETA
2013-08-29 16:56 - 2012-08-21 17:43 - 00000000 ____D C:\Program Files (x86)\Biet-O-Matic
2013-08-29 16:56 - 2012-08-20 16:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 16:54 - 2012-08-20 16:12 - 01425023 _____ C:\Windows\WindowsUpdate.log
2013-08-29 16:13 - 2012-09-13 16:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 16:01 - 2013-08-29 16:01 - 00002562 _____ C:\Windows\diagwrn.xml
2013-08-29 16:01 - 2013-08-29 16:01 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-29 16:01 - 2013-04-11 13:29 - 00000917 _____ C:\Windows\setupact.log
2013-08-29 16:01 - 2013-04-11 13:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 16:01 - 2012-02-21 20:50 - 00754682 _____ C:\Windows\system32\perfh007.dat
2013-08-29 16:01 - 2012-02-21 20:50 - 00172382 _____ C:\Windows\system32\perfc007.dat
2013-08-29 16:01 - 2009-07-14 07:13 - 01763064 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 15:59 - 2013-08-29 15:44 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00001903 _____ C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00001873 _____ C:\Users\Claudia\Desktop\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-08-29 14:57 - 2009-07-14 06:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:57 - 2009-07-14 06:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:49 - 2012-08-20 16:29 - 00000000 ____D C:\Users\Claudia\Documents\Youcam
2013-08-29 14:49 - 2012-08-20 16:25 - 00159376 _____ C:\Users\Claudia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 14:45 - 2013-07-22 15:06 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-29 14:45 - 2012-12-24 21:57 - 00277076 _____ C:\Windows\system32\oodbs.lor
2013-08-29 14:45 - 2012-08-20 16:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 14:45 - 2010-11-21 05:47 - 00126238 _____ C:\Windows\PFRO.log
2013-08-29 14:45 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 14:45 - 2009-07-14 06:45 - 00578536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-29 14:35 - 2012-12-24 18:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-29 14:34 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2013-08-29 14:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-29 14:34 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-29 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-29 14:31 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2013-08-29 13:34 - 2013-08-29 13:34 - 00000000 ____D C:\Users\Claudia\AppData\Local\{017DAB33-F4B4-42C5-87AA-01E167B5C9C2}
2013-08-28 19:26 - 2013-01-08 18:39 - 00023553 _____ C:\Users\Public\Documents\NL Buchhaltung 2013.xlsx
2013-08-28 19:23 - 2013-08-28 19:23 - 00068018 _____ C:\Users\Claudia\Documents\Konto Postbank (Automatisch gespeichert).xlsx
2013-08-28 19:18 - 2013-08-28 19:18 - 00280824 _____ C:\Windows\Minidump\082813-13790-01.dmp
2013-08-28 19:18 - 2013-08-17 18:39 - 598225044 _____ C:\Windows\MEMORY.DMP
2013-08-28 19:18 - 2013-08-17 18:39 - 00000000 ____D C:\Windows\Minidump
2013-08-28 19:13 - 2013-08-28 19:13 - 00280824 _____ C:\Windows\Minidump\082813-14040-01.dmp
2013-08-28 19:09 - 2013-08-28 19:09 - 00281872 _____ C:\Windows\Minidump\082813-14071-01.dmp
2013-08-28 17:57 - 2013-08-28 17:57 - 00000165 ____H C:\Users\Public\Documents\~$Konto Postbank.xlsx
2013-08-28 16:22 - 2013-08-28 16:22 - 00281664 _____ C:\Windows\Minidump\082813-15256-01.dmp
2013-08-28 16:17 - 2013-08-28 16:16 - 00283952 _____ C:\Windows\Minidump\082813-15444-01.dmp
2013-08-28 16:04 - 2013-08-28 16:04 - 00281680 _____ C:\Windows\Minidump\082813-27190-01.dmp
2013-08-28 16:00 - 2013-08-28 16:00 - 00282072 _____ C:\Windows\Minidump\082813-16988-01.dmp
2013-08-28 15:54 - 2013-08-28 15:54 - 00284864 _____ C:\Windows\Minidump\082813-26847-01.dmp
2013-08-28 15:27 - 2013-08-28 15:26 - 00281400 _____ C:\Windows\Minidump\082813-19312-01.dmp
2013-08-28 15:23 - 2013-08-28 15:22 - 00284864 _____ C:\Windows\Minidump\082813-21060-01.dmp
2013-08-28 15:20 - 2012-09-13 12:37 - 00000000 ____D C:\Users\Claudia\AppData\Local\HP
2013-08-28 15:20 - 2012-08-20 16:24 - 00000000 ___RD C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 15:05 - 2013-08-28 15:05 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6600
2013-08-28 15:05 - 2012-09-13 12:46 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-08-28 15:04 - 2013-08-28 15:04 - 00002120 _____ C:\Users\Public\Desktop\HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001832 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001128 _____ C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
2013-08-28 15:04 - 2012-09-13 12:44 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-28 15:03 - 2012-09-13 12:44 - 00000000 ____D C:\ProgramData\HP
2013-08-28 15:02 - 2012-09-13 12:44 - 00000000 ____D C:\Program Files\HP
2013-08-28 14:35 - 2013-08-28 14:35 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-28 11:07 - 2013-08-28 11:05 - 00000000 ____D C:\Users\Claudia\AppData\Local\{254F66FC-933F-42D9-82D7-BD11A5C2FF0D}
2013-08-27 11:18 - 2013-08-27 11:16 - 00000000 ____D C:\Users\Claudia\AppData\Local\{31CB6FFC-C371-4AD8-8E15-B3118E59A42C}
2013-08-26 13:36 - 2013-08-26 13:36 - 00284864 _____ C:\Windows\Minidump\082613-13587-01.dmp
2013-08-26 11:35 - 2013-08-26 11:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{B1D647E1-143B-4CAE-BE32-52029DCF3E88}
2013-08-25 13:06 - 2013-08-25 13:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0C9945AC-2DFB-47A4-B9CC-C8867F2AD61B}
2013-08-24 14:35 - 2013-08-24 14:31 - 00000000 ____D C:\Users\Claudia\AppData\Local\CyberGhost
2013-08-24 14:35 - 2012-08-20 16:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\VirtualStore
2013-08-24 14:31 - 2013-08-24 14:30 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-08-24 14:30 - 2013-08-24 14:26 - 00001750 _____ C:\Users\Claudia\Desktop\CyberGhost VPN.lnk
2013-08-24 13:56 - 2013-08-24 13:54 - 00000000 ____D C:\Program Files\TAP-Windows
2013-08-23 15:02 - 2012-09-13 16:15 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-23 15:02 - 2012-09-13 16:15 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-23 15:02 - 2012-02-21 23:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 23:17 - 2013-08-21 23:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{838C924C-C305-49D7-B501-DD7D2E147824}
2013-08-21 15:36 - 2013-08-16 22:47 - 00000000 ____D C:\ProgramData\eSafe
2013-08-21 15:30 - 2013-08-21 15:30 - 00039967 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-08-21 15:28 - 2013-08-21 15:28 - 00000000 ____D C:\FRST
2013-08-21 15:08 - 2012-12-24 18:43 - 00000000 ____D C:\Windows\AutoKMS
2013-08-21 12:24 - 2013-08-21 12:24 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 10:40 - 2013-07-16 22:11 - 00000452 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-08-21 10:32 - 2013-07-22 15:06 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-21 00:16 - 2012-12-24 18:43 - 00151552 _____ C:\Windows\KMSEmulator.exe
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Users\Claudia\AppData\Local\{816270E0-A8BC-4CD4-B9B8-2C067E81216D}
2013-08-20 11:38 - 2013-08-20 11:38 - 00281216 _____ C:\Windows\Minidump\082013-16957-01.dmp
2013-08-19 20:10 - 2013-01-09 20:13 - 00066133 _____ C:\Users\Public\Documents\Konto Postbank.xlsx
2013-08-19 20:10 - 2013-01-08 17:39 - 00084480 _____ C:\Users\Public\Documents\NL Nebenkosten.xls
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\Claudia\AppData\Local\{5EFEF317-3D79-43A4-BCB9-32385D239DEF}
2013-08-19 16:28 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\.appwork
2013-08-19 16:28 - 2013-08-16 22:48 - 00000000 ____D C:\Users\Claudia\AppData\Local\JDownloader v2.0
2013-08-19 16:28 - 2012-08-20 16:23 - 00000000 ____D C:\Users\Claudia
2013-08-19 02:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 23:33 - 2013-08-18 23:33 - 00019267 _____ C:\AdwCleaner[R2].txt
2013-08-18 23:31 - 2013-08-18 23:31 - 00019206 _____ C:\AdwCleaner[R1].txt
2013-08-18 23:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-18 23:10 - 2013-08-16 22:45 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-08-18 23:10 - 2013-08-16 22:45 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-18 23:09 - 2013-08-16 22:47 - 00000000 ____D C:\Program Files\DivX
2013-08-18 23:09 - 2013-08-16 22:46 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-18 23:09 - 2013-08-16 22:45 - 00000000 ____D C:\ProgramData\DivX
2013-08-18 21:49 - 2013-08-18 21:49 - 00000000 ____D C:\Users\Claudia\AppData\Local\{019AD6AB-35F1-47C1-8711-B0EB43A520AC}
2013-08-18 00:16 - 2012-09-14 20:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\vlc
2013-08-17 18:46 - 2013-08-16 22:46 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-17 18:45 - 2013-08-16 22:45 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-08-17 18:40 - 2013-08-17 18:39 - 00282752 _____ C:\Windows\Minidump\081713-22573-01.dmp
2013-08-17 18:30 - 2013-08-17 17:11 - 00025180 _____ C:\Users\Claudia\Documents\NL Rechnung 13a-13 Engel.xlsx
2013-08-17 18:30 - 2013-08-17 17:10 - 00025395 _____ C:\Users\Claudia\Documents\NL Vertrag 13a-13 Engel.xlsx
2013-08-17 16:42 - 2013-08-17 16:41 - 00000000 ____D C:\Users\Claudia\AppData\Local\{37F86E81-D05F-4A0D-B071-46DAB2C49730}
2013-08-17 12:17 - 2013-08-17 12:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FD6400F-6FA3-4BA8-81BB-99073C11C2F9}
2013-08-17 00:08 - 2013-08-17 00:08 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DivX
2013-08-16 23:46 - 2013-08-16 23:46 - 00000057 _____ C:\Users\Claudia\AppData\Roaming\WB.CFG
2013-08-16 23:46 - 2013-08-16 23:46 - 00000005 _____ C:\Users\Claudia\AppData\Roaming\WBPU-TTL.DAT
2013-08-16 22:48 - 2013-08-16 22:48 - 00001621 _____ C:\Users\Claudia\Desktop\DivX Movies.lnk
2013-08-16 22:47 - 2013-08-11 13:32 - 00001381 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-16 22:47 - 2013-04-06 12:12 - 00002413 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-16 22:47 - 2012-08-20 16:24 - 00001667 _____ C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-16 22:47 - 2012-08-20 16:24 - 00001633 _____ C:\Users\Claudia\Desktop\Internet Explorer (64-bit).lnk
2013-08-16 22:46 - 2013-08-16 22:46 - 00003242 _____ C:\Windows\System32\Tasks\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DSite
2013-08-16 22:46 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Local\DealPlyLive
2013-08-16 22:46 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\LavFilters
2013-08-16 22:46 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\CDXReader
2013-08-16 22:45 - 2013-08-16 22:45 - 00003246 _____ C:\Windows\System32\Tasks\Dealply
2013-08-16 22:45 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\eIntaller
2013-08-15 13:59 - 2013-08-15 13:59 - 00000000 ____D C:\Users\Claudia\AppData\Local\{44B396B5-9123-4B39-9E11-44FF1E79134D}
2013-08-15 03:08 - 2013-07-23 10:36 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:01 - 2012-02-21 21:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 01:40 - 2013-08-15 01:39 - 00000000 ____D C:\Users\Claudia\AppData\Local\{2CA96D2A-1BFB-4196-B126-0EE2165BAB9A}
2013-08-13 20:13 - 2013-08-13 19:48 - 00025054 _____ C:\Users\Claudia\Documents\NL Rechnung 12b-13 Kimpel.xlsx
2013-08-13 19:49 - 2013-08-13 19:42 - 00025457 _____ C:\Users\Claudia\Documents\NL Vertrag 12b-13 Kimpel.xlsx
2013-08-13 11:15 - 2013-08-13 11:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{82973E3F-6240-4B81-BC37-1417A16052FF}
2013-08-12 20:01 - 2013-01-08 17:36 - 00104448 _____ C:\Users\Public\Documents\NL ABN 2010 2009 2008 2007.xls
2013-08-12 14:00 - 2013-08-12 14:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\{DE792B33-8CE0-4A05-9DD9-4A6ABB905EF9}
2013-08-12 01:36 - 2013-08-12 01:36 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0201EF51-EEEA-4A34-94AD-8DA43A63376E}
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A95081BB-4BC9-4669-B635-0F87778C062A}
2013-08-12 01:20 - 2013-08-12 01:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A2BF7023-3BB6-4E6B-8F91-39633E1559B6}
2013-08-11 13:32 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-11 13:32 - 2013-08-07 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-11 13:28 - 2013-08-11 13:27 - 21703480 _____ (Mozilla) C:\Users\Claudia\Firefox_Setup_22.0.exe
2013-08-11 13:20 - 2013-08-11 13:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FCE37B1-405B-4471-9FBC-69DE4511873C}
2013-08-10 04:14 - 2013-08-10 04:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9ED53E98-03FD-47EE-9B8C-4D939DDE3EC9}
2013-08-09 13:54 - 2013-04-06 16:21 - 00025287 _____ C:\Users\Public\Documents\NL Rechnung 09a-13 Schäfer.lsx.xlsx
2013-08-09 12:26 - 2013-08-09 12:26 - 00000000 ____D C:\Users\Claudia\AppData\Local\{032F903D-503D-4261-8814-FA319C18EED0}
2013-08-08 23:06 - 2013-08-08 23:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8E9A6808-043F-4BA7-95CE-8153597CFC7A}
2013-08-07 16:29 - 2013-08-07 16:29 - 00000000 ____D C:\Users\Claudia\AppData\Local\{ED3532DE-4C52-479F-AF97-2AA7440647E3}
2013-08-07 15:34 - 2013-08-07 15:28 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\EurekaLog
2013-08-07 13:00 - 2013-08-07 13:00 - 00000936 _____ C:\Users\Claudia\Desktop\Evernote.lnk
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\Evernote
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-05 16:58 - 2013-08-05 16:58 - 00000000 ____D C:\Users\Claudia\AppData\Local\{54350525-DE3E-403E-913C-9F7126687766}
2013-08-04 21:40 - 2013-08-04 21:40 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 21:40 - 2012-08-20 16:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-04 21:35 - 2013-08-04 21:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0B91E2E0-6BF9-4238-9FB5-9BA627AF63FF}
2013-08-02 23:02 - 2013-08-02 23:02 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F83FEF0F-8939-4EF7-A286-771FA1652DF0}
2013-07-31 19:25 - 2013-07-31 19:24 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9849D5D8-D4BE-4E0C-9FE5-63CD0F06623B}
2013-07-31 18:09 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A83CE4E2-4CD0-443B-98FD-C3AA74EC66E9}
2013-07-31 17:57 - 2013-07-31 17:57 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F12BE577-A2BC-4E52-98EB-269E40A0FECB}
2013-07-30 09:52 - 2013-07-30 09:52 - 00000000 ____D C:\Users\Claudia\AppData\Local\{87A79A53-18E5-4E6B-AE7E-B598CB5C8925}
2013-07-30 09:50 - 2013-07-30 09:50 - 00001306 _____ C:\Users\Claudia\Desktop\Clean Registry for Free!.lnk

Files to move or delete:
====================
C:\Users\Claudia\Firefox_Setup_22.0.exe
C:\Users\Claudia\googleupdatesetup.exe
C:\Users\Claudia\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Claudia\AppData\Local\Temp\proxy_vole7100288300087732046.dll
C:\Users\Claudia\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Claudia\AppData\Local\Temp\tbFile.dll
C:\Users\Claudia\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Claudia\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\Claudia\AppData\Local\Temp\{934E6144-991C-4931-99BB-23FFFF9E0BEA}\ISBEW64.exe
C:\Users\Claudia\AppData\Local\Temp\Temporary ASP.NET Files\root\295beb6b\c873c373\assembly\dl3\f204aec9\00d41b7c_f8c6cd01\WebServiceUpdate.DLL
C:\Users\Claudia\AppData\Local\Temp\Temporary ASP.NET Files\root\295beb6b\c873c373\assembly\dl3\12de5245\00b8d376_c2beca01\lwp_logger_tcp_plugin.DLL
C:\Users\Claudia\AppData\Local\Temp\OO Software\OO LiveUpdate\OO Defrag Professional 16\OOLiveUpdateWorker.exe
C:\Users\Claudia\AppData\Local\Temp\nst1585.tmp\OCSetupHlp.dll
C:\Users\Claudia\AppData\Local\Temp\jna-Claudia\jna6196626911200170531.dll
C:\Users\Claudia\AppData\Local\Temp\is961225091\594971_Setup.EXE
C:\Users\Claudia\AppData\Local\Temp\is961225091\665098_Setup.EXE
C:\Users\Claudia\AppData\Local\Temp\is961225091\MySearchDial.exe
C:\Users\Claudia\AppData\Local\Temp\is357113909\478099_Setup.EXE
C:\Users\Claudia\AppData\Local\Temp\is357113909\CodecPack.exe
C:\Users\Claudia\AppData\Local\Temp\is357113909\dp.exe
C:\Users\Claudia\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Claudia\AppData\Local\Temp\is-QRHOV.tmp\soref.dll
C:\Users\Claudia\AppData\Local\Temp\is-390AC.tmp\_isetup\_shfoldr.dll
C:\Users\Claudia\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-13 15:45

==================== End Of Log ============================
         
--- --- ---


und addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Claudia at 2013-08-29 17:02:53
Running from C:\Users\Claudia\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 2013 (Version: 8.0)
7-Zip 4.31 (x32)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
ALDI SÜD Mah Jong (x32)
AMI VR-pulse OS Switcher (Version: 1.1)
ArcSoft ShowBiz (x32 Version: )
Ashampoo Burning Studio (x32 Version: 10.0.10)
Ashampoo Photo Commander (x32 Version: 9.2.0)
Ashampoo Photo Optimizer (x32 Version: 4.0.0)
Ashampoo Snap (x32 Version: 4.3.0)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Bing Bar (x32 Version: 6.3.2291.0)
Bing Bar Platform (x32 Version: 6.3.2291.0)
Cisco AnyConnect Secure Mobility Client  (x32 Version: 3.0.2052)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.2052)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
CorelDRAW Essentials X5 - Common (x32 Version: 15.3)
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3)
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3)
CorelDRAW Essentials X5 - DE (x32 Version: 15.3)
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3)
CorelDRAW Essentials X5 - EN (x32 Version: 15.3)
CorelDRAW Essentials X5 - ES (x32 Version: 15.3)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0)
CorelDRAW Essentials X5 - Extra Content (x32)
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3)
CorelDRAW Essentials X5 - FR (x32 Version: 15.3)
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3)
CorelDRAW Essentials X5 - IT (x32 Version: 15.3)
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3)
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0)
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3)
CorelDRAW Essentials X5 - WT (x32 Version: 15.3)
CorelDRAW Essentials X5 (x32 Version: 15.2.0.686)
CorelDRAW Essentials X5 (x32 Version: 15.3)
CyberGhost VPN
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229)
CyberLink MediaShow (x32 Version: 5.1.2414a)
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430)
CyberLink PhotoNow (x32 Version: 1.1.7717)
CyberLink Power2Go (x32 Version: 7.0.0.1327)
CyberLink PowerDirector (Version: 9.0.0.3621)
CyberLink PowerDirector (x32 Version: 9.0.0.3621)
CyberLink PowerDVD 10 (x32 Version: 10.0.3622.02)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink WaveEditor (x32 Version: 1.0.1.3320)
CyberLink YouCam 5 (x32 Version: 5.0.1402)
D3DX10 (x32 Version: 15.4.2368.0902)
DATA BECKER web to date 6.0 (x32 Version: 6.0.0.2120)
DivX-Setup (x32 Version: 2.6.1.8)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11)
Easy note taker 3.0 (x32 Version: 3.0.1.0)
eTokenEnroll (x32 Version: 3.0.0)
eTokenPasswd (x32 Version: 4.0.0)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
Fachinformationen HUK (x32 Version: 19.0.0.0)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.95)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet 6500 E710a-f Hilfe (x32 Version: 140.0.2.2)
HP Officejet 6600 - Grundlegende Software für das Gerät (Version: 25.0.619.0)
HP Officejet 6600 Hilfe (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.003.000.004)
HUK-COBURG Angebotssoftware VISonline (x32 Version: 11.8.1)
HUK-COBURG Infrastruktur (x32 Version: 4.3.0)
HUK-COBURG Vertriebsportal 2 (x32 Version: 4.2.2)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
ImgBurn (x32 Version: 2.5.8.0)
inSSIDer (x32 Version: 2.1.6)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2712)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.0.0.0083)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.0.0.0086)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Intel(R) WiDi (x32 Version: 3.0.12.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0708)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
IT9130 Driver v12.2.3.1 (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 45 (x32 Version: 6.0.450)
Java(TM) 7 Update 2 (64-bit) (Version: 7.0.20)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KODAK Create@Home Software (für dm) (x32 Version: 7.3.4392)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Lexmark X5400 Series
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marketsplash Schnellzugriffe (x32 Version: 1.0.1.7)
Medion Home Cinema (x32 Version: 8.0.3216)
Memeo Instant Backup (x32 Version: 4.60.0.7943)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Mathematics (64-Bit) (Version: 4.0)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLHUK) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MTEXT Library (x32 Version: 1.0.1)
myMugle (x32 Version: 3.0.0.0)
MyScript Notes Lite (x32 Version: 2.2.0.0)
Nvu 1.0 (x32 Version: 1.0)
O&O Defrag Professional (Version: 16.0.139)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PCSUITE SHREDDER (x32)
PHotkey (x32 Version: 1.00.0055)
PhotoScape (x32)
PlayMemories Home (x32 Version: 7.0.00.11271)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6586)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
SafeNet Authentication Client 8.1 SP2 (Version: 8.1.425.0)
SafeNet Authentication Manager Client 8.2 (Version: 8.2.158)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.3 (x32 Version: 6.3.107)
Sony Image Data Suite (x32 Version: 3.2.00.15160)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (Version: 22.50.231.0)
Studie zur Verbesserung von HP Officejet 6600 Produkten (Version: 25.0.619.0)
Synaptics Pointing Device Driver (Version: 16.0.0.3)
TAP-Windows 9.9.2 (Version: 9.9.2)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.5000.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
USB Video/Audio Device Driver (x32 Version: 1.00.0000)
USIM Editor 1.0.33.0 (x32)
VIS Aktualisierung (x32 Version: 2.4.0)
VISonline Diagnose (x32 Version: 2.0.1)
VLC media player 2.0.2 (Version: 2.0.2)
VTP Aktualisierung (x32 Version: 2.5.0)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

29-08-2013 11:29:08 Windows Update
29-08-2013 12:29:42 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {042F05B3-219D-411D-9D38-D5C54740E4BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {183F8C73-8574-4E3F-8D32-BDA5C03C02D1} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2012-02-02] (CyberLink Corp.)
Task: {50BD9D21-C30C-437B-A460-0E2AB16400D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-20] (Google Inc.)
Task: {873C8439-219E-44BF-B1E5-F948CE689A61} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-21] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-21] (Microsoft Corporation)
Task: {A8745861-40DE-4AB1-ACDA-BE29A65DBFED} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {AFE7638D-BB1D-4B7A-8285-6F833AFEA9F6} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {B8FAAC43-4B35-461E-B04F-137F46175715} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B966F1C8-429B-473E-B3F8-1B329B19E5E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23] (Adobe Systems Incorporated)
Task: {BEE4B44A-2A17-419B-92E2-BB099BDB954E} - System32\Tasks\Dealply => C:\Users\Claudia\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File
Task: {C5CB5BAE-B1AF-43FA-AEA7-F60CF32BB868} - System32\Tasks\DSite => C:\Users\Claudia\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE No File
Task: {CD1E941B-0715-4264-B94E-1BB3E861155D} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {D1952CCA-8991-4BFC-BCC2-3942659F889F} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-21] (Microsoft Corporation)
Task: {E468D4C2-BDC8-4301-A946-0D3AF20684DA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Claudia\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DSite.job => C:\Users\Claudia\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Claudia\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Claudia\Documents\advertentie in de vakantierubriek.eml:OECustomProperty


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2013 02:46:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2013 02:45:59 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 07:19:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 07:18:58 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 07:15:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 07:14:04 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 07:10:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 07:09:38 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 04:23:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 04:22:39 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


System errors:
=============
Error: (08/29/2013 02:45:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/29/2013 01:28:27 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (08/28/2013 07:19:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde mit folgendem Fehler beendet: 
%%-2147196306

Error: (08/28/2013 07:18:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/28/2013 07:18:38 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff8000308ba85, 0xfffff8800be83cf0, 0x0000000000000000)C:\Windows\MEMORY.DMP082813-13790-01

Error: (08/28/2013 07:18:35 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎28.‎08.‎2013 um 19:16:33 unerwartet heruntergefahren.

Error: (08/28/2013 07:13:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/28/2013 07:13:44 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP082813-14040-01

Error: (08/28/2013 07:13:41 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎28.‎08.‎2013 um 19:12:09 unerwartet heruntergefahren.

Error: (08/28/2013 07:09:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Afa Card Reader Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (08/29/2013 02:46:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2013 02:45:59 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 07:19:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 07:18:58 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 07:15:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 07:14:04 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 07:10:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 07:09:38 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/28/2013 04:23:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2013 04:22:39 PM) (Source: MemeoBackgroundService)(User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3990.47 MB
Available physical RAM: 2027.84 MB
Total Pagefile: 7979.12 MB
Available Pagefile: 5216.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:647.54 GB) (Free:475.21 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:20.37 GB) NTFS
Drive e: (VTP2 4.2.1) (CDROM) (Total:2.83 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 83488348)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=648 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
MfG

Alt 29.08.2013, 16:18   #8
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Hi,

hast du diese Proxies gesetzt?
Code:
ATTFilter
ProxyServer: 62.240.30.201:8080
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/0069a354ac565dc1ee7d001b9c7ea218/proxy.pac"
FF NetworkProxy: "http", "77.94.48.5"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.247.119.128"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 1
         

Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von FRST
__________________
cheers,
Leo

Alt 29.08.2013, 17:04   #9
Mannifred
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Vielen Dank schon mal, die komische Startseite qvo6 ist schon mal weg.
Die Proxies waren von einer App für Chrome, also sind Proxies von mir gesetzt worden.

Hier die logs:

Log von AdwCleaner

Code:
ATTFilter
# AdwCleaner v3.001 - Report created 29/08/2013 at 17:54:58
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Claudia - CLAUDIA-PC
# Running from : C:\Users\Claudia\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Users\Claudia\AppData\Local\Conduit
Folder Deleted : C:\Users\Claudia\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\Claudia\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Claudia\AppData\Local\PackageAware
Folder Deleted : C:\Users\Claudia\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Claudia\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Claudia\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Claudia\AppData\Roaming\DSite
Folder Deleted : C:\Users\Claudia\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Ann-Cathrin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ann-Cathrin\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Ann-Cathrin\AppData\LocalLow\Searchqutoolbar
File Deleted : C:\Users\Claudia\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml
File Deleted : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\user.js
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\ALDI Süd Blumen Service.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\ALDI Süd Reisen.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\ALDI Süd Startseite.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\ALDI Talk.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\eBay.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\MEDIONhome.lnk
Shortcut Disinfected : C:\Users\Claudia\Desktop\destkop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Claudia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Claudia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Claudia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\dealplylive
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dealplylive
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v22.0 (de)

[ File : C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "qvo6");
Line Deleted : user_pref("browser.search.order.1", "qvo6");
Line Deleted : user_pref("browser.search.selectedEngine", "qvo6");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

[ File : C:\Users\Ann-Cathrin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12146 octets] - [29/08/2013 17:53:09]
AdwCleaner[S0].txt - [8753 octets] - [29/08/2013 17:54:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8813 octets] ##########
         

Log von FRST


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Claudia (administrator) on 29-08-2013 18:02:36
Running from C:\Users\Claudia\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
( ) C:\Windows\system32\lxdvcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost VPN\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SafeNet, Inc.) C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
() C:\Program Files (x86)\USIM Editor\iconcs151118.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2884880 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [x]
HKLM\...\Run: [SACMonitor] - C:\Program Files\Aladdin\eToken\SAC\x64\SACMonitor.exe [2183312 2012-04-16] (SafeNet, Inc.)
HKLM\...\Run: [lxdvmon.exe] - C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2009-07-07] ()
HKLM\...\Run: [lxdvamon] - C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2009-07-07] ()
Winlogon\Notify\ScCertProp: 
HKCU\...\Run: [] -  [x]
HKCU\...\Run: [AROReminder] - C:\Program Files (x86)\ARO 2013\ARO.exe [3157336 2013-07-03] (Support.com, Inc.)
MountPoints2: {bd0ade7f-eb1b-11e1-97fc-806e6f6e6963} - E:\Launch.exe
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation)
HKLM-x32\...\Run: [USBestCR] - C:\Program Files (x86)\USIM Editor\iconcs151118.exe [7041024 2010-07-02] ()
HKLM-x32\...\Run: [Lexmark X5400 Series] - C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe [307880 2009-07-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKU\Ann-Cathrin\...\Run: [Spotify] - C:\Users\Ann-Cathrin\AppData\Roaming\Spotify\Spotify.exe [7880664 2012-11-05] (Spotify Ltd)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [129 2009-10-23] ()
AppInit_DLLs:      [0 ] ()
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600.lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

ProxyServer: 62.240.30.201:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
URLSearchHook: (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} -  No File
URLSearchHook: (No Name) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} -  No File
URLSearchHook: (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {213C8ED6-1D78-4D8F-8729-25006AA86A76} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/0069a354ac565dc1ee7d001b9c7ea218/proxy.pac"
FF NetworkProxy: "http", "77.94.48.5"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "54.247.119.128"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: admin - C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\3ggbr1u1.default\Extensions\admin@proxy-listen.de.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [ejnmnhkgiphcaeefbaooconkceehicfi] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 CGVPNCliService; C:\Program Files\CyberGhost VPN\Service.exe [26088 2013-07-22] (CyberGhost S.R.L)
S3 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
S3 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
S3 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2012-11-30] (DATA BECKER GmbH & Co KG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLHUK; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SACSrv; C:\Program Files\Aladdin\eToken\SAC\x64\SACSrv.exe [10384 2012-04-16] (SafeNet, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 AfaService; C:\Windows\system32\afasrv64.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-05-04] (ITE                      )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 17:51 - 2013-08-29 17:55 - 00000000 ____D C:\AdwCleaner
2013-08-29 17:50 - 2013-08-29 17:50 - 00994642 _____ C:\Users\Claudia\Downloads\adwcleaner.exe
2013-08-29 17:02 - 2013-08-29 17:03 - 00042935 _____ C:\Users\Claudia\Downloads\Addition.txt
2013-08-29 17:00 - 2013-08-29 17:00 - 01579080 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64.exe
2013-08-29 16:01 - 2013-08-29 16:01 - 00002562 _____ C:\Windows\diagwrn.xml
2013-08-29 16:01 - 2013-08-29 16:01 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-29 15:44 - 2013-08-29 15:59 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00001903 _____ C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00001873 _____ C:\Users\Claudia\Desktop\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-08-29 13:34 - 2013-08-29 13:34 - 00000000 ____D C:\Users\Claudia\AppData\Local\{017DAB33-F4B4-42C5-87AA-01E167B5C9C2}
2013-08-28 19:23 - 2013-08-28 19:23 - 00068018 _____ C:\Users\Claudia\Documents\Konto Postbank (Automatisch gespeichert).xlsx
2013-08-28 19:18 - 2013-08-28 19:18 - 00280824 _____ C:\Windows\Minidump\082813-13790-01.dmp
2013-08-28 19:13 - 2013-08-28 19:13 - 00280824 _____ C:\Windows\Minidump\082813-14040-01.dmp
2013-08-28 19:09 - 2013-08-28 19:09 - 00281872 _____ C:\Windows\Minidump\082813-14071-01.dmp
2013-08-28 17:57 - 2013-08-28 17:57 - 00000165 ____H C:\Users\Public\Documents\~$Konto Postbank.xlsx
2013-08-28 16:22 - 2013-08-28 16:22 - 00281664 _____ C:\Windows\Minidump\082813-15256-01.dmp
2013-08-28 16:16 - 2013-08-28 16:17 - 00283952 _____ C:\Windows\Minidump\082813-15444-01.dmp
2013-08-28 16:04 - 2013-08-28 16:04 - 00281680 _____ C:\Windows\Minidump\082813-27190-01.dmp
2013-08-28 16:00 - 2013-08-28 16:00 - 00282072 _____ C:\Windows\Minidump\082813-16988-01.dmp
2013-08-28 15:54 - 2013-08-28 15:54 - 00284864 _____ C:\Windows\Minidump\082813-26847-01.dmp
2013-08-28 15:26 - 2013-08-28 15:27 - 00281400 _____ C:\Windows\Minidump\082813-19312-01.dmp
2013-08-28 15:22 - 2013-08-28 15:23 - 00284864 _____ C:\Windows\Minidump\082813-21060-01.dmp
2013-08-28 15:05 - 2013-08-28 15:05 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6600
2013-08-28 15:04 - 2013-08-28 15:04 - 00002120 _____ C:\Users\Public\Desktop\HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001832 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001128 _____ C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
2013-08-28 15:04 - 2011-09-09 16:22 - 00778088 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5D12.dll
2013-08-28 14:35 - 2013-08-28 14:35 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-28 11:05 - 2013-08-28 11:07 - 00000000 ____D C:\Users\Claudia\AppData\Local\{254F66FC-933F-42D9-82D7-BD11A5C2FF0D}
2013-08-27 11:16 - 2013-08-27 11:18 - 00000000 ____D C:\Users\Claudia\AppData\Local\{31CB6FFC-C371-4AD8-8E15-B3118E59A42C}
2013-08-26 13:36 - 2013-08-26 13:36 - 00284864 _____ C:\Windows\Minidump\082613-13587-01.dmp
2013-08-26 11:35 - 2013-08-26 11:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{B1D647E1-143B-4CAE-BE32-52029DCF3E88}
2013-08-25 13:06 - 2013-08-25 13:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0C9945AC-2DFB-47A4-B9CC-C8867F2AD61B}
2013-08-24 14:31 - 2013-08-24 14:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\CyberGhost
2013-08-24 14:30 - 2013-08-24 14:31 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-08-24 14:26 - 2013-08-24 14:30 - 00001750 _____ C:\Users\Claudia\Desktop\CyberGhost VPN.lnk
2013-08-24 13:54 - 2013-08-24 13:56 - 00000000 ____D C:\Program Files\TAP-Windows
2013-08-21 23:17 - 2013-08-21 23:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{838C924C-C305-49D7-B501-DD7D2E147824}
2013-08-21 15:30 - 2013-08-21 15:30 - 00039967 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-08-21 15:28 - 2013-08-21 15:28 - 00000000 ____D C:\FRST
2013-08-21 12:24 - 2013-08-21 12:24 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 12:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Users\Claudia\AppData\Local\{816270E0-A8BC-4CD4-B9B8-2C067E81216D}
2013-08-20 11:38 - 2013-08-20 11:38 - 00281216 _____ C:\Windows\Minidump\082013-16957-01.dmp
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\Claudia\AppData\Local\{5EFEF317-3D79-43A4-BCB9-32385D239DEF}
2013-08-19 16:28 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\.appwork
2013-08-18 23:33 - 2013-08-18 23:33 - 00019267 _____ C:\AdwCleaner[R2].txt
2013-08-18 23:31 - 2013-08-18 23:31 - 00019206 _____ C:\AdwCleaner[R1].txt
2013-08-18 21:49 - 2013-08-18 21:49 - 00000000 ____D C:\Users\Claudia\AppData\Local\{019AD6AB-35F1-47C1-8711-B0EB43A520AC}
2013-08-17 18:39 - 2013-08-28 19:18 - 598225044 _____ C:\Windows\MEMORY.DMP
2013-08-17 18:39 - 2013-08-28 19:18 - 00000000 ____D C:\Windows\Minidump
2013-08-17 18:39 - 2013-08-17 18:40 - 00282752 _____ C:\Windows\Minidump\081713-22573-01.dmp
2013-08-17 17:11 - 2013-08-17 18:30 - 00025180 _____ C:\Users\Claudia\Documents\NL Rechnung 13a-13 Engel.xlsx
2013-08-17 17:10 - 2013-08-17 18:30 - 00025395 _____ C:\Users\Claudia\Documents\NL Vertrag 13a-13 Engel.xlsx
2013-08-17 16:41 - 2013-08-17 16:42 - 00000000 ____D C:\Users\Claudia\AppData\Local\{37F86E81-D05F-4A0D-B071-46DAB2C49730}
2013-08-17 12:17 - 2013-08-17 12:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FD6400F-6FA3-4BA8-81BB-99073C11C2F9}
2013-08-17 00:08 - 2013-08-17 00:08 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DivX
2013-08-16 23:46 - 2013-08-16 23:46 - 00000057 _____ C:\Users\Claudia\AppData\Roaming\WB.CFG
2013-08-16 23:46 - 2013-08-16 23:46 - 00000005 _____ C:\Users\Claudia\AppData\Roaming\WBPU-TTL.DAT
2013-08-16 22:48 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\AppData\Local\JDownloader v2.0
2013-08-16 22:48 - 2013-08-16 22:48 - 00001621 _____ C:\Users\Claudia\Desktop\DivX Movies.lnk
2013-08-16 22:47 - 2013-08-18 23:09 - 00000000 ____D C:\Program Files\DivX
2013-08-16 22:46 - 2013-08-18 23:09 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-16 22:45 - 2013-08-18 23:10 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-08-16 22:45 - 2013-08-18 23:09 - 00000000 ____D C:\ProgramData\DivX
2013-08-16 22:45 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\LavFilters
2013-08-16 22:45 - 2013-08-16 22:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\CDXReader
2013-08-15 13:59 - 2013-08-15 13:59 - 00000000 ____D C:\Users\Claudia\AppData\Local\{44B396B5-9123-4B39-9E11-44FF1E79134D}
2013-08-15 03:14 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:14 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:14 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:14 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:14 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:14 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:14 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:14 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:14 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:14 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:14 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:14 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:14 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:14 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 01:55 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 01:55 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 01:55 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 01:55 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 01:55 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 01:55 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 01:55 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 01:55 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 01:55 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 01:55 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 01:55 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 01:55 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 01:55 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 01:55 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 01:55 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 01:55 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 01:55 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 01:55 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 01:55 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 01:55 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 01:55 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-15 01:39 - 2013-08-15 01:40 - 00000000 ____D C:\Users\Claudia\AppData\Local\{2CA96D2A-1BFB-4196-B126-0EE2165BAB9A}
2013-08-13 19:48 - 2013-08-13 20:13 - 00025054 _____ C:\Users\Claudia\Documents\NL Rechnung 12b-13 Kimpel.xlsx
2013-08-13 19:42 - 2013-08-13 19:49 - 00025457 _____ C:\Users\Claudia\Documents\NL Vertrag 12b-13 Kimpel.xlsx
2013-08-13 11:14 - 2013-08-13 11:15 - 00000000 ____D C:\Users\Claudia\AppData\Local\{82973E3F-6240-4B81-BC37-1417A16052FF}
2013-08-12 14:00 - 2013-08-12 14:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\{DE792B33-8CE0-4A05-9DD9-4A6ABB905EF9}
2013-08-12 01:36 - 2013-08-12 01:36 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0201EF51-EEEA-4A34-94AD-8DA43A63376E}
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A95081BB-4BC9-4669-B635-0F87778C062A}
2013-08-12 01:20 - 2013-08-12 01:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A2BF7023-3BB6-4E6B-8F91-39633E1559B6}
2013-08-11 13:32 - 2013-08-29 17:55 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-11 13:32 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-11 13:20 - 2013-08-11 13:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FCE37B1-405B-4471-9FBC-69DE4511873C}
2013-08-10 04:14 - 2013-08-10 04:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9ED53E98-03FD-47EE-9B8C-4D939DDE3EC9}
2013-08-09 12:26 - 2013-08-09 12:26 - 00000000 ____D C:\Users\Claudia\AppData\Local\{032F903D-503D-4261-8814-FA319C18EED0}
2013-08-08 23:06 - 2013-08-08 23:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8E9A6808-043F-4BA7-95CE-8153597CFC7A}
2013-08-07 16:29 - 2013-08-07 16:29 - 00000000 ____D C:\Users\Claudia\AppData\Local\{ED3532DE-4C52-479F-AF97-2AA7440647E3}
2013-08-07 15:28 - 2013-08-07 15:34 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\EurekaLog
2013-08-07 14:16 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 13:00 - 2013-08-07 13:00 - 00000936 _____ C:\Users\Claudia\Desktop\Evernote.lnk
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\Evernote
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-05 16:58 - 2013-08-05 16:58 - 00000000 ____D C:\Users\Claudia\AppData\Local\{54350525-DE3E-403E-913C-9F7126687766}
2013-08-04 21:40 - 2013-08-04 21:40 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 21:35 - 2013-08-04 21:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0B91E2E0-6BF9-4238-9FB5-9BA627AF63FF}
2013-08-02 23:02 - 2013-08-02 23:02 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F83FEF0F-8939-4EF7-A286-771FA1652DF0}
2013-07-31 19:24 - 2013-07-31 19:25 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9849D5D8-D4BE-4E0C-9FE5-63CD0F06623B}
2013-07-31 18:09 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A83CE4E2-4CD0-443B-98FD-C3AA74EC66E9}
2013-07-31 17:57 - 2013-07-31 17:57 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F12BE577-A2BC-4E52-98EB-269E40A0FECB}
2013-07-30 09:52 - 2013-07-30 09:52 - 00000000 ____D C:\Users\Claudia\AppData\Local\{87A79A53-18E5-4E6B-AE7E-B598CB5C8925}
2013-07-30 09:50 - 2013-07-30 09:50 - 00001306 _____ C:\Users\Claudia\Desktop\Clean Registry for Free!.lnk

==================== One Month Modified Files and Folders =======

2013-08-29 18:01 - 2012-08-20 16:29 - 00000000 ____D C:\Users\Claudia\Documents\Youcam
2013-08-29 17:59 - 2012-08-20 16:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 17:57 - 2013-07-22 15:06 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-29 17:57 - 2013-04-11 13:29 - 00000973 _____ C:\Windows\setupact.log
2013-08-29 17:57 - 2010-11-21 05:47 - 00127354 _____ C:\Windows\PFRO.log
2013-08-29 17:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 17:56 - 2012-08-20 16:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 17:56 - 2012-08-20 16:12 - 01433009 _____ C:\Windows\WindowsUpdate.log
2013-08-29 17:55 - 2013-08-29 17:51 - 00000000 ____D C:\AdwCleaner
2013-08-29 17:55 - 2013-08-11 13:32 - 00001057 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-29 17:55 - 2013-04-06 12:12 - 00001294 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-29 17:55 - 2012-10-10 11:27 - 00000000 ____D C:\Users\Claudia\Desktop\destkop
2013-08-29 17:55 - 2012-08-20 16:24 - 00001003 _____ C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-29 17:55 - 2012-08-20 16:24 - 00000973 _____ C:\Users\Claudia\Desktop\Internet Explorer (64-bit).lnk
2013-08-29 17:53 - 2013-05-06 13:15 - 00028672 ___SH C:\Users\Claudia\Thumbs.db
2013-08-29 17:53 - 2012-08-20 16:23 - 00000000 ____D C:\Users\Claudia
2013-08-29 17:50 - 2013-08-29 17:50 - 00994642 _____ C:\Users\Claudia\Downloads\adwcleaner.exe
2013-08-29 17:13 - 2012-09-13 16:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 17:03 - 2013-08-29 17:02 - 00042935 _____ C:\Users\Claudia\Downloads\Addition.txt
2013-08-29 17:01 - 2012-08-26 11:33 - 00000000 ____D C:\Users\Claudia\Downloads\Programme
2013-08-29 17:00 - 2013-08-29 17:00 - 01579080 _____ (Farbar) C:\Users\Claudia\Downloads\FRST64.exe
2013-08-29 17:00 - 2013-05-20 22:20 - 00000000 ____D C:\Users\Claudia\Desktop\JDownloader2BETA
2013-08-29 16:56 - 2012-08-21 17:43 - 00000000 ____D C:\Program Files (x86)\Biet-O-Matic
2013-08-29 16:01 - 2013-08-29 16:01 - 00002562 _____ C:\Windows\diagwrn.xml
2013-08-29 16:01 - 2013-08-29 16:01 - 00001908 _____ C:\Windows\diagerr.xml
2013-08-29 16:01 - 2013-04-11 13:29 - 00000000 _____ C:\Windows\setuperr.log
2013-08-29 16:01 - 2012-02-21 20:50 - 00754682 _____ C:\Windows\system32\perfh007.dat
2013-08-29 16:01 - 2012-02-21 20:50 - 00172382 _____ C:\Windows\system32\perfc007.dat
2013-08-29 16:01 - 2009-07-14 07:13 - 01763064 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-29 15:59 - 2013-08-29 15:44 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00001903 _____ C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00001873 _____ C:\Users\Claudia\Desktop\ImgBurn.lnk
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
2013-08-29 15:10 - 2013-08-29 15:10 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-08-29 14:57 - 2009-07-14 06:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:57 - 2009-07-14 06:45 - 00017488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 14:49 - 2012-08-20 16:25 - 00159376 _____ C:\Users\Claudia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 14:45 - 2009-07-14 06:45 - 00578536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-29 14:35 - 2012-12-24 18:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-29 14:34 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2013-08-29 14:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-29 14:34 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-29 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-08-29 14:31 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2013-08-29 13:34 - 2013-08-29 13:34 - 00000000 ____D C:\Users\Claudia\AppData\Local\{017DAB33-F4B4-42C5-87AA-01E167B5C9C2}
2013-08-28 19:26 - 2013-01-08 18:39 - 00023553 _____ C:\Users\Public\Documents\NL Buchhaltung 2013.xlsx
2013-08-28 19:23 - 2013-08-28 19:23 - 00068018 _____ C:\Users\Claudia\Documents\Konto Postbank (Automatisch gespeichert).xlsx
2013-08-28 19:18 - 2013-08-28 19:18 - 00280824 _____ C:\Windows\Minidump\082813-13790-01.dmp
2013-08-28 19:18 - 2013-08-17 18:39 - 598225044 _____ C:\Windows\MEMORY.DMP
2013-08-28 19:18 - 2013-08-17 18:39 - 00000000 ____D C:\Windows\Minidump
2013-08-28 19:13 - 2013-08-28 19:13 - 00280824 _____ C:\Windows\Minidump\082813-14040-01.dmp
2013-08-28 19:09 - 2013-08-28 19:09 - 00281872 _____ C:\Windows\Minidump\082813-14071-01.dmp
2013-08-28 17:57 - 2013-08-28 17:57 - 00000165 ____H C:\Users\Public\Documents\~$Konto Postbank.xlsx
2013-08-28 16:22 - 2013-08-28 16:22 - 00281664 _____ C:\Windows\Minidump\082813-15256-01.dmp
2013-08-28 16:17 - 2013-08-28 16:16 - 00283952 _____ C:\Windows\Minidump\082813-15444-01.dmp
2013-08-28 16:04 - 2013-08-28 16:04 - 00281680 _____ C:\Windows\Minidump\082813-27190-01.dmp
2013-08-28 16:00 - 2013-08-28 16:00 - 00282072 _____ C:\Windows\Minidump\082813-16988-01.dmp
2013-08-28 15:54 - 2013-08-28 15:54 - 00284864 _____ C:\Windows\Minidump\082813-26847-01.dmp
2013-08-28 15:27 - 2013-08-28 15:26 - 00281400 _____ C:\Windows\Minidump\082813-19312-01.dmp
2013-08-28 15:23 - 2013-08-28 15:22 - 00284864 _____ C:\Windows\Minidump\082813-21060-01.dmp
2013-08-28 15:20 - 2012-09-13 12:37 - 00000000 ____D C:\Users\Claudia\AppData\Local\HP
2013-08-28 15:20 - 2012-08-20 16:24 - 00000000 ___RD C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 15:05 - 2013-08-28 15:05 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 6600
2013-08-28 15:05 - 2012-09-13 12:46 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-08-28 15:04 - 2013-08-28 15:04 - 00002120 _____ C:\Users\Public\Desktop\HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001832 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
2013-08-28 15:04 - 2013-08-28 15:04 - 00001128 _____ C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
2013-08-28 15:04 - 2012-09-13 12:44 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-28 15:03 - 2012-09-13 12:44 - 00000000 ____D C:\ProgramData\HP
2013-08-28 15:02 - 2012-09-13 12:44 - 00000000 ____D C:\Program Files\HP
2013-08-28 14:35 - 2013-08-28 14:35 - 00000057 _____ C:\ProgramData\Ament.ini
2013-08-28 11:07 - 2013-08-28 11:05 - 00000000 ____D C:\Users\Claudia\AppData\Local\{254F66FC-933F-42D9-82D7-BD11A5C2FF0D}
2013-08-27 11:18 - 2013-08-27 11:16 - 00000000 ____D C:\Users\Claudia\AppData\Local\{31CB6FFC-C371-4AD8-8E15-B3118E59A42C}
2013-08-26 13:36 - 2013-08-26 13:36 - 00284864 _____ C:\Windows\Minidump\082613-13587-01.dmp
2013-08-26 11:35 - 2013-08-26 11:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{B1D647E1-143B-4CAE-BE32-52029DCF3E88}
2013-08-25 13:06 - 2013-08-25 13:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0C9945AC-2DFB-47A4-B9CC-C8867F2AD61B}
2013-08-24 14:35 - 2013-08-24 14:31 - 00000000 ____D C:\Users\Claudia\AppData\Local\CyberGhost
2013-08-24 14:35 - 2012-08-20 16:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\VirtualStore
2013-08-24 14:31 - 2013-08-24 14:30 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-08-24 14:30 - 2013-08-24 14:26 - 00001750 _____ C:\Users\Claudia\Desktop\CyberGhost VPN.lnk
2013-08-24 13:56 - 2013-08-24 13:54 - 00000000 ____D C:\Program Files\TAP-Windows
2013-08-23 15:02 - 2012-09-13 16:15 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-23 15:02 - 2012-09-13 16:15 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-23 15:02 - 2012-02-21 23:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 23:17 - 2013-08-21 23:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{838C924C-C305-49D7-B501-DD7D2E147824}
2013-08-21 15:30 - 2013-08-21 15:30 - 00039967 _____ C:\Users\Claudia\Desktop\Addition.txt
2013-08-21 15:28 - 2013-08-21 15:28 - 00000000 ____D C:\FRST
2013-08-21 15:08 - 2012-12-24 18:43 - 00000000 ____D C:\Windows\AutoKMS
2013-08-21 12:24 - 2013-08-21 12:24 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-21 12:24 - 2013-08-21 12:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-21 10:40 - 2013-07-16 22:11 - 00000452 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-08-21 10:32 - 2013-07-22 15:06 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-21 00:16 - 2012-12-24 18:43 - 00151552 _____ C:\Windows\KMSEmulator.exe
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Users\Claudia\AppData\Local\{816270E0-A8BC-4CD4-B9B8-2C067E81216D}
2013-08-20 11:38 - 2013-08-20 11:38 - 00281216 _____ C:\Windows\Minidump\082013-16957-01.dmp
2013-08-19 20:10 - 2013-01-09 20:13 - 00066133 _____ C:\Users\Public\Documents\Konto Postbank.xlsx
2013-08-19 20:10 - 2013-01-08 17:39 - 00084480 _____ C:\Users\Public\Documents\NL Nebenkosten.xls
2013-08-19 16:44 - 2013-08-19 16:44 - 00000000 ____D C:\Users\Claudia\AppData\Local\{5EFEF317-3D79-43A4-BCB9-32385D239DEF}
2013-08-19 16:28 - 2013-08-19 16:28 - 00000000 ____D C:\Users\Claudia\.appwork
2013-08-19 16:28 - 2013-08-16 22:48 - 00000000 ____D C:\Users\Claudia\AppData\Local\JDownloader v2.0
2013-08-19 02:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-18 23:33 - 2013-08-18 23:33 - 00019267 _____ C:\AdwCleaner[R2].txt
2013-08-18 23:31 - 2013-08-18 23:31 - 00019206 _____ C:\AdwCleaner[R1].txt
2013-08-18 23:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-18 23:10 - 2013-08-16 22:45 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-08-18 23:09 - 2013-08-16 22:47 - 00000000 ____D C:\Program Files\DivX
2013-08-18 23:09 - 2013-08-16 22:46 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-18 23:09 - 2013-08-16 22:45 - 00000000 ____D C:\ProgramData\DivX
2013-08-18 21:49 - 2013-08-18 21:49 - 00000000 ____D C:\Users\Claudia\AppData\Local\{019AD6AB-35F1-47C1-8711-B0EB43A520AC}
2013-08-18 00:16 - 2012-09-14 20:46 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\vlc
2013-08-17 18:40 - 2013-08-17 18:39 - 00282752 _____ C:\Windows\Minidump\081713-22573-01.dmp
2013-08-17 18:30 - 2013-08-17 17:11 - 00025180 _____ C:\Users\Claudia\Documents\NL Rechnung 13a-13 Engel.xlsx
2013-08-17 18:30 - 2013-08-17 17:10 - 00025395 _____ C:\Users\Claudia\Documents\NL Vertrag 13a-13 Engel.xlsx
2013-08-17 16:42 - 2013-08-17 16:41 - 00000000 ____D C:\Users\Claudia\AppData\Local\{37F86E81-D05F-4A0D-B071-46DAB2C49730}
2013-08-17 12:17 - 2013-08-17 12:17 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FD6400F-6FA3-4BA8-81BB-99073C11C2F9}
2013-08-17 00:08 - 2013-08-17 00:08 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\DivX
2013-08-16 23:46 - 2013-08-16 23:46 - 00000057 _____ C:\Users\Claudia\AppData\Roaming\WB.CFG
2013-08-16 23:46 - 2013-08-16 23:46 - 00000005 _____ C:\Users\Claudia\AppData\Roaming\WBPU-TTL.DAT
2013-08-16 22:48 - 2013-08-16 22:48 - 00001621 _____ C:\Users\Claudia\Desktop\DivX Movies.lnk
2013-08-16 22:46 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\LavFilters
2013-08-16 22:46 - 2013-08-16 22:45 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\CDXReader
2013-08-15 13:59 - 2013-08-15 13:59 - 00000000 ____D C:\Users\Claudia\AppData\Local\{44B396B5-9123-4B39-9E11-44FF1E79134D}
2013-08-15 03:08 - 2013-07-23 10:36 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:01 - 2012-02-21 21:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 01:40 - 2013-08-15 01:39 - 00000000 ____D C:\Users\Claudia\AppData\Local\{2CA96D2A-1BFB-4196-B126-0EE2165BAB9A}
2013-08-13 20:13 - 2013-08-13 19:48 - 00025054 _____ C:\Users\Claudia\Documents\NL Rechnung 12b-13 Kimpel.xlsx
2013-08-13 19:49 - 2013-08-13 19:42 - 00025457 _____ C:\Users\Claudia\Documents\NL Vertrag 12b-13 Kimpel.xlsx
2013-08-13 11:15 - 2013-08-13 11:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{82973E3F-6240-4B81-BC37-1417A16052FF}
2013-08-12 20:01 - 2013-01-08 17:36 - 00104448 _____ C:\Users\Public\Documents\NL ABN 2010 2009 2008 2007.xls
2013-08-12 14:00 - 2013-08-12 14:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\{DE792B33-8CE0-4A05-9DD9-4A6ABB905EF9}
2013-08-12 01:36 - 2013-08-12 01:36 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0201EF51-EEEA-4A34-94AD-8DA43A63376E}
2013-08-12 01:23 - 2013-08-12 01:23 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A95081BB-4BC9-4669-B635-0F87778C062A}
2013-08-12 01:20 - 2013-08-12 01:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A2BF7023-3BB6-4E6B-8F91-39633E1559B6}
2013-08-11 13:32 - 2013-08-11 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-11 13:32 - 2013-08-07 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-11 13:20 - 2013-08-11 13:20 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8FCE37B1-405B-4471-9FBC-69DE4511873C}
2013-08-10 04:14 - 2013-08-10 04:14 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9ED53E98-03FD-47EE-9B8C-4D939DDE3EC9}
2013-08-09 13:54 - 2013-04-06 16:21 - 00025287 _____ C:\Users\Public\Documents\NL Rechnung 09a-13 Schäfer.lsx.xlsx
2013-08-09 12:26 - 2013-08-09 12:26 - 00000000 ____D C:\Users\Claudia\AppData\Local\{032F903D-503D-4261-8814-FA319C18EED0}
2013-08-08 23:06 - 2013-08-08 23:06 - 00000000 ____D C:\Users\Claudia\AppData\Local\{8E9A6808-043F-4BA7-95CE-8153597CFC7A}
2013-08-07 16:29 - 2013-08-07 16:29 - 00000000 ____D C:\Users\Claudia\AppData\Local\{ED3532DE-4C52-479F-AF97-2AA7440647E3}
2013-08-07 15:34 - 2013-08-07 15:28 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\EurekaLog
2013-08-07 13:00 - 2013-08-07 13:00 - 00000936 _____ C:\Users\Claudia\Desktop\Evernote.lnk
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Users\Claudia\AppData\Local\Evernote
2013-08-07 13:00 - 2013-08-07 13:00 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-08-05 16:58 - 2013-08-05 16:58 - 00000000 ____D C:\Users\Claudia\AppData\Local\{54350525-DE3E-403E-913C-9F7126687766}
2013-08-04 21:40 - 2013-08-04 21:40 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 21:40 - 2012-08-20 16:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-04 21:35 - 2013-08-04 21:35 - 00000000 ____D C:\Users\Claudia\AppData\Local\{0B91E2E0-6BF9-4238-9FB5-9BA627AF63FF}
2013-08-02 23:02 - 2013-08-02 23:02 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F83FEF0F-8939-4EF7-A286-771FA1652DF0}
2013-07-31 19:25 - 2013-07-31 19:24 - 00000000 ____D C:\Users\Claudia\AppData\Local\{9849D5D8-D4BE-4E0C-9FE5-63CD0F06623B}
2013-07-31 18:09 - 2013-07-31 18:09 - 00000000 ____D C:\Users\Claudia\AppData\Local\{A83CE4E2-4CD0-443B-98FD-C3AA74EC66E9}
2013-07-31 17:57 - 2013-07-31 17:57 - 00000000 ____D C:\Users\Claudia\AppData\Local\{F12BE577-A2BC-4E52-98EB-269E40A0FECB}
2013-07-30 09:52 - 2013-07-30 09:52 - 00000000 ____D C:\Users\Claudia\AppData\Local\{87A79A53-18E5-4E6B-AE7E-B598CB5C8925}
2013-07-30 09:50 - 2013-07-30 09:50 - 00001306 _____ C:\Users\Claudia\Desktop\Clean Registry for Free!.lnk

Files to move or delete:
====================
C:\Users\Claudia\AppData\Local\Temp\proxy_vole7100288300087732046.dll
C:\Users\Claudia\AppData\Local\Temp\Quarantine.exe
C:\Users\Claudia\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Claudia\AppData\Local\Temp\tbFile.dll
C:\Users\Claudia\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Claudia\AppData\Local\Temp\{934E6144-991C-4931-99BB-23FFFF9E0BEA}\ISBEW64.exe
C:\Users\Claudia\AppData\Local\Temp\Temporary ASP.NET Files\root\295beb6b\c873c373\assembly\dl3\f204aec9\00d41b7c_f8c6cd01\WebServiceUpdate.DLL
C:\Users\Claudia\AppData\Local\Temp\Temporary ASP.NET Files\root\295beb6b\c873c373\assembly\dl3\12de5245\00b8d376_c2beca01\lwp_logger_tcp_plugin.DLL
C:\Users\Claudia\AppData\Local\Temp\OO Software\OO LiveUpdate\OO Defrag Professional 16\OOLiveUpdateWorker.exe
C:\Users\Claudia\AppData\Local\Temp\jna-Claudia\jna6196626911200170531.dll
C:\Users\Claudia\AppData\Local\Temp\is961225091\594971_Setup.EXE
C:\Users\Claudia\AppData\Local\Temp\is961225091\665098_Setup.EXE
C:\Users\Claudia\AppData\Local\Temp\is961225091\MySearchDial.exe
C:\Users\Claudia\AppData\Local\Temp\is357113909\478099_Setup.EXE
C:\Users\Claudia\AppData\Local\Temp\is357113909\CodecPack.exe
C:\Users\Claudia\AppData\Local\Temp\is357113909\dp.exe
C:\Users\Claudia\AppData\Local\Temp\is357113909\wajam_validate.exe
C:\Users\Claudia\AppData\Local\Temp\is-QRHOV.tmp\soref.dll
C:\Users\Claudia\AppData\Local\Temp\is-390AC.tmp\_isetup\_shfoldr.dll
C:\Users\Claudia\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-13 15:45

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 29.08.2013, 17:05   #10
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Und die obige Frage zu den Proxies?
__________________
cheers,
Leo

Alt 29.08.2013, 17:08   #11
Mannifred
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Hatte Beitrag schon editiert, die Proxies waren erwünscht, hab eine App für Chrome die diese gesetzt hat.

MfG

Alt 29.08.2013, 17:15   #12
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Ok, da war ich zu schnell mit nachfragen..

Wie läuft der Rechner? Alles normal?


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
2013-08-21 10:32 - 2013-07-22 15:06 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-21 00:16 - 2012-12-24 18:43 - 00151552 _____ C:\Windows\KMSEmulator.exe
2013-08-29 17:57 - 2013-07-22 15:06 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-21 15:08 - 2012-12-24 18:43 - 00000000 ____D C:\Windows\AutoKMS
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte poste in deiner nächsten Antwort:
  • Fixlog von FRST
  • Log von ESET
__________________
cheers,
Leo

Alt 29.08.2013, 18:52   #13
Mannifred
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Leider läuft der PC nicht besser. Es kommt immer noch zur Fehlermeldung, die ich im ersten Post beschrieben habe und mir ist aufgefallen, dass ich über den IE ebay.de nicht direkt aufrufen kann, nur über die google suche. Bei einem sofort kauf kommt dann die bekannte Meldung und das Fenster reagiert nicht mehr.
Viel schlimmer ist aber was bei dem eset scan passiert ist, da dieser länger dauerte bin ich vom Laptop weg und als ich wieder kam, hatte ich einen Bluescreen, leider konnte ich den Fehlercode nicht notieren, da der PC neustartete. Zur Info wir hatten vor ein paar Tagen einen neuen Drucker gekauft, den ich während des Scans angeschlossen hatte.

Werde den Scan nun wiederholen, hier der erste log.

Fixlog von FRST

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
Ran by Claudia at 2013-08-29 18:38:34 Run:1
Running from C:\Users\Claudia\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST750LM022XHN-M750MBB_S2USJ9AC315244&ts=1376685932
2013-08-21 10:32 - 2013-07-22 15:06 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-21 00:16 - 2012-12-24 18:43 - 00151552 _____ C:\Windows\KMSEmulator.exe
2013-08-29 17:57 - 2013-07-22 15:06 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2013-08-21 15:08 - 2012-12-24 18:43 - 00000000 ____D C:\Windows\AutoKMS
         
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
C:\Windows\KMSEmulator.exe => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.

"C:\Windows\AutoKMS" directory move:

C:\Windows\AutoKMS\AutoKMS.ini => Moved successfully.
C:\Windows\AutoKMS\AutoKMS.log => Moved successfully.
Could not move "C:\Windows\AutoKMS" directory. => Scheduled to move on reboot.


=========== Result of Scheduled Files to move ===========

"C:\Windows\AutoKMS" => Directory could not move.

==== End of Fixlog ====
         

Alt 30.08.2013, 08:45   #14
aharonov
/// TB-Ausbilder
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Ok, ich warte noch auf das ESET-Log und dann gehen wir den anderen Problemem nach.
__________________
cheers,
Leo

Alt 31.08.2013, 12:07   #15
Mannifred
 
IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Standard

IE verweigert zugriff und qvo6 als startseite, malware log gemacht



Hatte übrigens Antivir nicht ausgeschaltet.

Log von ESET

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d19b93e6657994fbc02f88095a8dac7
# engine=14956
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-30 09:33:05
# local_time=2013-08-30 11:33:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 23891 243321675 16672 0
# compatibility_mode=5893 16776574 100 94 4273453 129528235 0 0
# scanned=293140
# found=1
# cleaned=0
# scan_time=13922
sh=04AA00A4B1D90BCF8BA2BAFA0F95E25EB336CED7 ft=1 fh=0790f409ee012c9a vn="Win32/Adware.AddLyrics.L application" ac=I fn="C:\Users\Claudia\AppData\Local\Temp\is357113909\478099_Setup.EXE"
         
Noch zur Info, Antivir hatte ich während des Scans bei ca. 40% doch noch ausgeschaltet, da mir dann aufgefallen war, dass der Prozess noch aktiv war.

Antwort

Themen zu IE verweigert zugriff und qvo6 als startseite, malware log gemacht
adware.domaiq, anzeige, autokms, computer, fehlermeldung, internet explorer, malware, nicht mehr, programme, pup.optional.babylon.a, pup.optional.bandoo, pup.optional.datamngr, pup.optional.dealply.a, pup.optional.elex, pup.optional.esafe.a, pup.optional.installcore.a, pup.optional.opencandy, pup.optional.searchqu, sicherheit, trojan.agent.h, trojan.staser, warnmeldung



Ähnliche Themen: IE verweigert zugriff und qvo6 als startseite, malware log gemacht


  1. Windows 8.1: Avira hat Malware gefunden-Aktion: Zugriff verweigert
    Log-Analyse und Auswertung - 19.08.2014 (5)
  2. Fehler 5: Zugriff verweigert
    Log-Analyse und Auswertung - 16.08.2014 (1)
  3. www.qvo6.com als startseite wegbekommen
    Plagegeister aller Art und deren Bekämpfung - 16.09.2013 (17)
  4. Qvo6 lässt sich nicht entfernen, vermutlich bisher ziemlichen murks gemacht...
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (28)
  5. Nvcpl.dll zugriff verweigert
    Log-Analyse und Auswertung - 04.07.2012 (7)
  6. NOD32 URL, Zugriff verweigert
    Plagegeister aller Art und deren Bekämpfung - 08.09.2011 (17)
  7. Malware/Adware/Trojaner? Verdacht Nod 32 Zugriff verweigert URL/IP
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (0)
  8. Zugriff auf Antivirenseiten etc. verweigert....
    Plagegeister aller Art und deren Bekämpfung - 23.12.2009 (5)
  9. Gdata Zugriff verweigert
    Antiviren-, Firewall- und andere Schutzprogramme - 13.12.2008 (3)
  10. Windows verweigert Zugriff
    Alles rund um Windows - 08.11.2007 (4)
  11. Laufwerk C:\ : zugriff verweigert!
    Alles rund um Windows - 27.08.2007 (3)
  12. Zugriff verweigert
    Alles rund um Windows - 12.08.2007 (6)
  13. PCI Brückengerät Zugriff verweigert
    Netzwerk und Hardware - 21.04.2007 (1)
  14. Zugriff auf zlclient.exe verweigert
    Antiviren-, Firewall- und andere Schutzprogramme - 10.08.2006 (1)
  15. Zugriff verweigert -- Problem
    Plagegeister aller Art und deren Bekämpfung - 15.12.2005 (3)
  16. Zugriff verweigert
    Antiviren-, Firewall- und andere Schutzprogramme - 27.12.2004 (1)
  17. Virus - Zugriff verweigert! Was nun?
    Plagegeister aller Art und deren Bekämpfung - 21.02.2003 (8)

Zum Thema IE verweigert zugriff und qvo6 als startseite, malware log gemacht - Hallo liebe community, zuerst ich hoffe, dass ich hier im richtigen Forum gepostet habe, falls nicht tut mir leid, dies ist mein erster Post. Nun zu meinem Problem, ich kann - IE verweigert zugriff und qvo6 als startseite, malware log gemacht...
Archiv
Du betrachtest: IE verweigert zugriff und qvo6 als startseite, malware log gemacht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.