Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
internet verselbstständigt!

internet verselbstständigt!


Plagegeister aller Art und deren Bekämpfung: internet verselbstständigt!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 01.08.2014, 19:36   #16
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Zitat:
Zitat von pfaumanfred Beitrag anzeigen
Habe als Programm den Advance System Protector gekauft
Du weißt, dass "Advances System Protector" eine schädliche Software / Adware / Werbesoftware ist?
Darf ich fragen, warum du deinen Rechner mit derartigem Mist zumüllst?
Möchtest du deinen Rechner vorzeitig zumüllen oder zugrunde richten?

Rausgeschmissenes Geld, weil die Software nix kann und selbst schädlich ist....

btw... du hast nichts im Uploadchannel hochgeladen.

Alt 02.08.2014, 12:22   #17
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Habe das Programm bereits wieder gekündigt. (Bin manchmal einfach zu schnell).
Dann sage mir mit welchem link ich die Datei hochladen soll.
Ansonsten läuft das Internet eigentlich störungsfrei!
Gruß Manfred
__________________
Alt 02.08.2014, 12:46   #18
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Nimm diesen Link bitte:
Zitat:
http://www.trojaner-board.de/157034-internet-verselbststaendigt-2.html#post1338606
Anleitung nochmal:

  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





führe bitte nochmal FRST zur Kontrolle aus und mache einen Suchlauf.
__________________
Alt 02.08.2014, 15:26   #19
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Hallo Matthias,
es gibt keinen Ordner Quarantine mit der Zip Datei mehr. Das ist alles weg.

Alt 03.08.2014, 09:07   #20
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Zitat:
Zitat von pfaumanfred Beitrag anzeigen
Hallo Matthias,
es gibt keinen Ordner Quarantine mit der Zip Datei mehr. Das ist alles weg.
Hab ich schon befürchtet...


Gibt es noch Probleme?


Alt 03.08.2014, 14:12   #21
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Eigentlich keine Probleme. Nur Werbung wird mit einem neuen Tab aufgemacht.

Gruß Manfred

Alt 03.08.2014, 15:19   #22
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Zitat:
Zitat von pfaumanfred Beitrag anzeigen
Nur Werbung wird mit einem neuen Tab aufgemacht.
In welchem Browser?


Ja dann gibt es ja wieder Probleme... du bist wohl ein Scherzkeks, wa?


Damit du dir nicht wieder lauter Müll installierst, ist hier eine kleine Animation, in der in gelb/orange hervorgehoben ist, wo sich jeweils der Downloadbutton auf Filepony befindet...
Und wenn du jetzt noch einmal auf den Werbe-Button klickst und dir ohne Nachzudenken irgendwas herunterlädst und installierst, dann solltest du lieber deinen Rechner formatieren und nie wieder ins Internet gehen...




Wir beginnen wieder mit FRST:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Alt 04.08.2014, 10:02   #23
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by Manfred (administrator) on MANFREDPC on 04-08-2014 10:56:51
Running from C:\Users\Manfred\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Trioris LLC) C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(IScreenyHelper) C:\Users\Manfred\AppData\Local\IScreeny\IScreenyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [IScreeny] => C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe [1170888 2014-06-20] (Trioris LLC)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [IScreenyUpdater] => C:\Users\Manfred\AppData\Local\IScreeny\Updater.exe [163784 2014-06-20] (TRIORIS LLC)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [146888 2014-07-29] (PC Utilities Software Limited)
IFEO\effectextractor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\omnipage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar@web.de [2014-07-12]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [3475912 2014-08-01] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-06-29] () [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-06-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-06-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-06-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-26] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 iscreenyfilter; C:\WINDOWS\iscreenyfilter.sys [41632 2014-06-25] (NetFilterSDK.com)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-06-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-06-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 16:13 - 2014-08-03 16:13 - 00001190 _____ () C:\AdwCleaner[S2].txt
2014-08-03 16:12 - 2014-08-03 16:12 - 00001125 _____ () C:\AdwCleaner[R2].txt
2014-08-02 15:58 - 2014-08-04 10:56 - 00011261 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-08-02 15:58 - 2014-08-02 15:59 - 00034293 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-08-02 15:57 - 2014-08-04 10:56 - 00000000 ____D () C:\FRST
2014-08-02 15:56 - 2014-08-02 15:56 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-08-02 13:16 - 2014-08-02 16:17 - 00000000 ____D () C:\Users\Manfred\Documents\Male-Ware
2014-08-01 15:24 - 2014-08-01 15:24 - 00001207 _____ () C:\AdwCleaner[S1].txt
2014-08-01 15:23 - 2014-08-01 15:23 - 00001040 _____ () C:\AdwCleaner[R1].txt
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\Documents\Optimizer Pro
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Optimizer Pro
2014-08-01 14:31 - 2014-08-04 10:54 - 00000000 ____D () C:\Users\Manfred\AppData\Local\IScreeny
2014-08-01 14:31 - 2014-08-02 13:16 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Systweak
2014-08-01 14:31 - 2014-08-02 13:16 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-01 14:31 - 2014-08-01 15:27 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-08-01 14:31 - 2014-08-01 14:31 - 00581957 _____ () C:\Users\Manfred\Desktop\adwcleaner-1.606-en.exe
2014-08-01 14:31 - 2014-08-01 14:31 - 00001034 _____ () C:\Users\Manfred\Desktop\FLVM Player.lnk
2014-08-01 14:31 - 2014-08-01 14:31 - 00001032 _____ () C:\Users\Manfred\Desktop\Optimizer Pro.lnk
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\VOPackage
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IScreeny
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Program Files\FLVM Player
2014-08-01 14:31 - 2014-06-30 17:55 - 00018792 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot.exe
2014-08-01 14:28 - 2014-08-01 14:28 - 00648896 _____ (Bechiro-Installer · sl) C:\Users\Manfred\Downloads\AdwCleaner.exe
2014-08-01 14:27 - 2014-08-04 10:53 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 14:26 - 2014-08-01 14:26 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-01 14:26 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-01 14:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-01 14:20 - 2014-08-01 14:20 - 00700980 _____ () C:\Users\Manfred\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2014-08-01 14:19 - 2014-08-01 14:19 - 00538220 _____ () C:\Users\Manfred\Downloads\noscript-2.6.8.36.xpi.zip
2014-08-01 14:18 - 2014-08-01 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-01 14:17 - 2014-08-01 14:17 - 05329480 _____ (Secunia) C:\Users\Manfred\Downloads\PSISetup_3.0.0.9016.exe
2014-08-01 14:11 - 2014-08-01 14:11 - 00001114 _____ () C:\DelFix.txt
2014-08-01 14:11 - 2014-08-01 14:11 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-08-03 16:14 - 00022012 _____ () C:\WINDOWS\PFRO.log
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-28 11:37 - 2014-07-28 11:38 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:46 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-12 06:55 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-12 06:54 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 06:54 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 06:54 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 06:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-12 06:54 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-12 06:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-12 06:54 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-12 06:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-12 06:54 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-12 06:54 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-12 06:54 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-12 06:54 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-12 06:54 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-12 06:54 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-12 06:54 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-12 06:54 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-12 06:54 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-12 06:54 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-12 06:54 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-12 06:54 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 06:54 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-12 06:54 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-12 06:54 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-12 06:54 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-12 06:54 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-12 06:54 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-12 06:54 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-12 06:54 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-12 06:54 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 10:57 - 2014-08-02 15:58 - 00011261 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-08-04 10:56 - 2014-08-02 15:57 - 00000000 ____D () C:\FRST
2014-08-04 10:54 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Local\IScreeny
2014-08-04 10:53 - 2014-08-01 14:27 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 10:53 - 2014-06-23 09:03 - 00000000 __RDO () C:\Users\Manfred\OneDrive
2014-08-04 10:42 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-03 16:14 - 2014-07-31 12:14 - 00022012 _____ () C:\WINDOWS\PFRO.log
2014-08-03 16:14 - 2014-06-22 16:05 - 00000000 ___DC () C:\WINDOWS\Panther
2014-08-03 16:14 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-03 16:13 - 2014-08-03 16:13 - 00001190 _____ () C:\AdwCleaner[S2].txt
2014-08-03 16:12 - 2014-08-03 16:12 - 00001125 _____ () C:\AdwCleaner[R2].txt
2014-08-03 15:36 - 2013-03-25 10:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-03 15:19 - 2014-06-22 15:30 - 01367495 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-02 16:17 - 2014-08-02 13:16 - 00000000 ____D () C:\Users\Manfred\Documents\Male-Ware
2014-08-02 15:59 - 2014-08-02 15:58 - 00034293 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-08-02 15:56 - 2014-08-02 15:56 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-08-02 13:16 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Systweak
2014-08-02 13:16 - 2014-08-01 14:31 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-01 15:54 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 15:27 - 2014-08-01 14:31 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-08-01 15:24 - 2014-08-01 15:24 - 00001207 _____ () C:\AdwCleaner[S1].txt
2014-08-01 15:23 - 2014-08-01 15:23 - 00001040 _____ () C:\AdwCleaner[R1].txt
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\Documents\Optimizer Pro
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Optimizer Pro
2014-08-01 14:31 - 2014-08-01 14:31 - 00581957 _____ () C:\Users\Manfred\Desktop\adwcleaner-1.606-en.exe
2014-08-01 14:31 - 2014-08-01 14:31 - 00001034 _____ () C:\Users\Manfred\Desktop\FLVM Player.lnk
2014-08-01 14:31 - 2014-08-01 14:31 - 00001032 _____ () C:\Users\Manfred\Desktop\Optimizer Pro.lnk
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\VOPackage
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IScreeny
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Program Files\FLVM Player
2014-08-01 14:28 - 2014-08-01 14:28 - 00648896 _____ (Bechiro-Installer · sl) C:\Users\Manfred\Downloads\AdwCleaner.exe
2014-08-01 14:26 - 2014-08-01 14:26 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-01 14:20 - 2014-08-01 14:20 - 00700980 _____ () C:\Users\Manfred\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2014-08-01 14:19 - 2014-08-01 14:19 - 00538220 _____ () C:\Users\Manfred\Downloads\noscript-2.6.8.36.xpi.zip
2014-08-01 14:18 - 2014-08-01 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-01 14:17 - 2014-08-01 14:17 - 05329480 _____ (Secunia) C:\Users\Manfred\Downloads\PSISetup_3.0.0.9016.exe
2014-08-01 14:13 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-01 14:11 - 2014-08-01 14:11 - 00001114 _____ () C:\DelFix.txt
2014-08-01 14:11 - 2014-08-01 14:11 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 14:02 - 2013-11-15 12:12 - 00000000 ____D () C:\Users\Manfred\Downloads\bis November 2013
2014-08-01 09:16 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 12:35 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\IME
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-01-26 12:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 11:47 - 2012-07-26 06:17 - 00000269 _____ () C:\WINDOWS\win.ini
2014-07-31 10:52 - 2014-01-26 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-30 10:43 - 2014-05-06 12:29 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\HpUpdate
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:14 - 2014-06-19 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-28 11:38 - 2014-07-28 11:37 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-26 11:52 - 2013-09-07 12:41 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-07-26 11:21 - 2013-05-10 08:50 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-16 10:24 - 2013-09-10 17:30 - 00036152 _____ (TuneUp Software) C:\WINDOWS\system32\uxtuneup.dll
2014-07-16 10:24 - 2013-09-07 12:42 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-07-16 10:24 - 2013-09-07 12:42 - 00025400 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-15 06:45 - 2013-03-25 18:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 09:01 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:59 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-13 08:43 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 08:37 - 2013-08-22 09:22 - 00485264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 12:34 - 2014-05-06 12:28 - 00000000 ____D () C:\Program Files\HP
2014-07-12 12:33 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Manfred\Documents\Beihilfe
2014-07-12 11:51 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 11:50 - 2013-03-25 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:48 - 2013-08-17 13:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 11:47 - 2013-03-27 17:25 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 11:46 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList

Some content of TEMP:
====================
C:\Users\Manfred\AppData\Local\Temp\avgnt.exe
C:\Users\Manfred\AppData\Local\Temp\optprosetup.exe
C:\Users\Manfred\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-01 15:54

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by Manfred at 2014-08-04 10:59:23
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0F01}) (Version: 12.15.1.462 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2718 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version:  - )
Free Audio Converter version 5.0.23.320 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
IScreeny (HKLM\...\IScreeny) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{FC16C025-71D3-430F-BE61-B7E713E5B582}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WEB.DE Club SmartFax (HKLM\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

01-08-2014 12:11:25 Ende der Bereinigung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0064A4EB-6388-4C48-81C6-99746DEA4A8E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03DE1924-3FE1-4D64-9AFA-83BE2B67843E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2E5E8DAF-5F7B-4DD0-B6D9-6154B1A6CA1D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {678555FD-A992-4622-BCCB-A89F836C2CAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {6F1AFD8C-CB70-41E7-80F0-01A59B7CD6FE} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro\OptProLauncher.exe [2014-07-29] (PC Utilities Software Limited) <==== ATTENTION
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7CCE08F4-EC9E-4612-99CC-D857CD214A0A} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B2289EAA-C16B-402A-B34D-881076AD701B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {B6DFC327-E4D4-468C-A071-D458EC30ADBF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D6A010E0-28C2-4360-B06D-6DB72C548BFD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E6A82C08-8490-4083-9271-DEB458C010CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EF3CB7C8-BE78-4F7D-90D1-123882E38108} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-01 14:37 - 2014-08-01 14:37 - 03475912 _____ () c:\Program Files\Optimizer Pro\OptProCrash.dll
2013-04-06 12:24 - 2010-06-29 23:14 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-29 14:14 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-06-04 08:54 - 2014-06-04 08:54 - 00109000 _____ () C:\Users\Manfred\AppData\Local\IScreeny\nfapi.dll
2014-06-04 08:54 - 2014-06-04 08:54 - 00334280 _____ () C:\Users\Manfred\AppData\Local\IScreeny\ProtocolFilters.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manfred\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run: => "OpwareSE4"
HKLM\...\StartupApproved\Run: => "CLMLServer"
HKLM\...\StartupApproved\Run: => "YouCam Mirror Tray icon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "HP Software Update"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 04:15:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17039 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a0

Startzeit: 01cfaf2547606c8c

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 9a8476be-1b18-11e4-afca-00262dc0dc29

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2014 03:55:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10824828

Error: (08/03/2014 03:55:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10824828

Error: (08/03/2014 03:55:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/03/2014 04:16:21 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (08/03/2014 03:44:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (08/03/2014 01:25:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (08/03/2014 10:25:11 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (08/03/2014 03:55:51 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (08/03/2014 00:55:32 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (08/02/2014 01:42:13 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (08/02/2014 10:31:23 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (08/01/2014 04:42:05 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (08/01/2014 04:40:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RBClientService" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (08/03/2014 04:15:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.170398a001cfaf2547606c8c0C:\WINDOWS\Explorer.EXE9a8476be-1b18-11e4-afca-00262dc0dc29

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2014 03:55:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10824828

Error: (08/03/2014 03:55:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10824828

Error: (08/03/2014 03:55:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 2934.6 MB
Available physical RAM: 1818.68 MB
Total Pagefile: 3446.6 MB
Available Pagefile: 2116.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.71 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:391.9 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.5 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.28 GB) (Free:702.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
Es macht eine Werbung auf bei Firefox
Sonst alles in Ordnung.
Gruß Manfred

Alt 04.08.2014, 11:21   #24
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Servus,



ok, ich sehe da wieder Werbesoftware (Adware).



Zuerst mal bitte folgendes machen:

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Wählen Sie eine
  • Kopiere nun folgendes in die Suchleiste
    Code:
    ATTFilter
    C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe
  • und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen
    Zitat:
    Diese Datei wurde bereits von VirusTotal analysiert...
    klicke auf Neu analysieren.
  • Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
  • Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Wiederhole den Vorgang mit dieser Datei:
C:\Users\Manfred\AppData\Local\IScreeny\Updater.exe






Dann geht es so weiter:


Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Schritt 4
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :filefind
*IScreeny*

:folderfind
*IScreeny*

:regfind
IScreeny
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.







Bitte poste mit deiner nächsten Antwort
  • die beiden Links zu VirusTotal,
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST,
  • die Logdatei von SystemLook.
Geändert von M-K-D-B (04.08.2014 um 11:28 Uhr)

Alt 04.08.2014, 18:59   #25
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Code:
ATTFilter
https://www.virustotal.com/de/file/00b6f52f56a3486813dbda0bea459dad820e14d1f30be3d8fe4a880b3b4ddaf3/analysis/1407172619/
Code:
ATTFilter
# AdwCleaner v1.606 - Logfile created 08/04/2014 at 19:21:27
# Updated 10/05/2012 by Xplode
# Operating system : Windows 8.1 Pro  (32 bits)
# User : Manfred - MANFREDPC
# Running from : C:\Users\Manfred\Desktop\adwcleaner-1.606-en(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Manfred\AppData\Local\Temp\APN

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.11.9600.17207

[OK] Registry is clean.

-\\ Mozilla Firefox v31.0 (x86 de)

Profile name : default 
File : C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1040 octets] - [01/08/2014 15:23:51]
AdwCleaner[S1].txt - [1207 octets] - [01/08/2014 15:24:45]
AdwCleaner[R2].txt - [1125 octets] - [03/08/2014 16:12:49]
AdwCleaner[S2].txt - [1190 octets] - [03/08/2014 16:13:12]
AdwCleaner[R3].txt - [1249 octets] - [04/08/2014 19:21:16]
AdwCleaner[S3].txt - [1184 octets] - [04/08/2014 19:21:27]

########## EOF - C:\AdwCleaner[S3].txt - [1312 octets] ##########
Code:
ATTFilter
https://www.virustotal.com/de/file/2d507301cace54122338d38256ef01a961a6d47a98a3d8df20ba7b3016a83eb2/analysis/1407173689/
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.08.2014
Suchlauf-Zeit: 19:26:18
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.04.05
Rootkit Datenbank: v2014.08.01.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: Manfred

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 296233
Verstrichene Zeit: 13 Min, 23 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [ccc9ccf67b007cba78fc9f38639f2dd3], 
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-2440249-1944230807-1698688370-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced System Protector, Löschen bei Neustart, [d0c50eb4a5d69f974b6c0612f4108b75], 
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2440249-1944230807-1698688370-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, Löschen bei Neustart, [5c39536f3c3f082e8831c25628dc956b], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2440249-1944230807-1698688370-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Löschen bei Neustart, [4c49bc06017a310585ee7d5afb0739c7], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 7
PUP.Optional.SystemSpeedup, C:\Users\Manfred\AppData\Roaming\Systweak\ssd, In Quarantäne, [97fe03bfb9c214227cf610b7a85ab848], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\2.1.1000.13665, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Manfred\AppData\Roaming\Systweak\Advanced-System-Protector, In Quarantäne, [2372b80aa1dabe788998daf3d13139c7], 
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Manfred\AppData\Roaming\Systweak\Advanced-System-Protector\2.1.1000.13665, In Quarantäne, [2372b80aa1dabe788998daf3d13139c7], 

Dateien: 22
PUP.Optional.AppInstaller, C:\Users\Manfred\AppData\Local\Temp\n3795\FLVMPlayerSetup-c45490cb.exe, In Quarantäne, [781d6062691260d6a0a35d2de51c13ed], 
PUP.Optional.SystemSpeedup, C:\Users\Manfred\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, In Quarantäne, [97fe03bfb9c214227cf610b7a85ab848], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\status.lic, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\completedatabase.db, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Cookies.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\DigSign.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePathFIX.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FilePaths.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\FileSignature.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Folders.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Md5.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\Registry.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\SetupSign.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\signatures\StrSetupSign.bin, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\100oupdate.zip, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1835completedatabase.zip, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1905mupdate.zip, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System-Protector\updates\1906update.zip, In Quarantäne, [4e479d255a2153e329f814b913ef50b0], 
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Manfred\AppData\Roaming\Systweak\Advanced-System-Protector\QDetail.db, In Quarantäne, [2372b80aa1dabe788998daf3d13139c7], 
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Manfred\AppData\Roaming\Systweak\Advanced-System-Protector\Settings.db, In Quarantäne, [2372b80aa1dabe788998daf3d13139c7], 
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Manfred\AppData\Roaming\Systweak\Advanced-System-Protector\Update.ini, In Quarantäne, [2372b80aa1dabe788998daf3d13139c7], 
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Manfred\AppData\Roaming\Systweak\Advanced-System-Protector\2.1.1000.13665\ASPLog.txt, In Quarantäne, [2372b80aa1dabe788998daf3d13139c7], 

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by Manfred (administrator) on MANFREDPC on 04-08-2014 19:49:03
Running from C:\Users\Manfred\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Systweak) C:\Program Files\Right Backup\RBClientService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Systweak) C:\Program Files\Right Backup\RightBackup.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Trioris LLC) C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(IScreenyHelper) C:\Users\Manfred\AppData\Local\IScreeny\IScreenyHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [IScreeny] => C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe [1170888 2014-06-20] (Trioris LLC)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [IScreenyUpdater] => C:\Users\Manfred\AppData\Local\IScreeny\Updater.exe [163784 2014-06-20] (TRIORIS LLC)
HKU\S-1-5-21-2440249-1944230807-1698688370-1001\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [146888 2014-07-29] (PC Utilities Software Limited)
IFEO\effectextractor.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\omnipage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\power2go.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\scannerwizard.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\youcam.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-4300-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar@web.de [2014-07-12]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\p8z37soi.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi [2013-12-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-26] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [3475912 2014-08-01] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48240 2014-07-11] (Systweak)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-06-29] () [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-06-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-06-22] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-06-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37352 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [35848 2014-07-26] (Avira Operations GmbH & Co. KG)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 iscreenyfilter; C:\WINDOWS\iscreenyfilter.sys [41632 2014-06-25] (NetFilterSDK.com)
R3 L1C; C:\WINDOWS\system32\DRIVERS\L1C63x86.sys [110792 2013-06-18] (Qualcomm Atheros Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-06-22] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-06-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 19:45 - 2014-08-04 19:45 - 00006582 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-08-04 19:32 - 2014-08-04 19:32 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-08-04 19:25 - 2014-08-04 19:25 - 00001880 _____ () C:\Program Files\Right Backupsmartbackuprules.xmluzvf2qat.d4r.xml_
2014-08-04 19:25 - 2014-08-04 19:25 - 00000000 ____D () C:\Program Files\Right Backup
2014-08-04 19:21 - 2014-08-04 19:21 - 00001313 _____ () C:\AdwCleaner[S3].txt
2014-08-04 19:21 - 2014-08-04 19:21 - 00001249 _____ () C:\AdwCleaner[R3].txt
2014-08-04 19:20 - 2014-08-04 19:25 - 00001020 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-08-04 19:20 - 2014-08-04 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-08-04 19:20 - 2014-08-04 19:20 - 00581957 _____ () C:\Users\Manfred\Desktop\adwcleaner-1.606-en(1).exe
2014-08-04 19:20 - 2014-08-04 19:20 - 00000000 ____D () C:\rbtemp
2014-08-03 16:13 - 2014-08-03 16:13 - 00001190 _____ () C:\AdwCleaner[S2].txt
2014-08-03 16:12 - 2014-08-03 16:12 - 00001125 _____ () C:\AdwCleaner[R2].txt
2014-08-02 15:58 - 2014-08-04 19:49 - 00011425 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-08-02 15:58 - 2014-08-04 10:59 - 00031427 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-08-02 15:57 - 2014-08-04 19:49 - 00000000 ____D () C:\FRST
2014-08-02 15:56 - 2014-08-02 15:56 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-08-02 13:16 - 2014-08-02 16:17 - 00000000 ____D () C:\Users\Manfred\Documents\Male-Ware
2014-08-01 15:24 - 2014-08-01 15:24 - 00001207 _____ () C:\AdwCleaner[S1].txt
2014-08-01 15:23 - 2014-08-01 15:23 - 00001040 _____ () C:\AdwCleaner[R1].txt
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\Documents\Optimizer Pro
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Optimizer Pro
2014-08-01 14:31 - 2014-08-04 19:44 - 00000000 ____D () C:\Users\Manfred\AppData\Local\IScreeny
2014-08-01 14:31 - 2014-08-04 19:40 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Systweak
2014-08-01 14:31 - 2014-08-04 19:40 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-01 14:31 - 2014-08-04 19:20 - 00001034 _____ () C:\Users\Manfred\Desktop\FLVM Player.lnk
2014-08-01 14:31 - 2014-08-01 15:27 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-08-01 14:31 - 2014-08-01 14:31 - 00581957 _____ () C:\Users\Manfred\Desktop\adwcleaner-1.606-en.exe
2014-08-01 14:31 - 2014-08-01 14:31 - 00001032 _____ () C:\Users\Manfred\Desktop\Optimizer Pro.lnk
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\VOPackage
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IScreeny
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Program Files\FLVM Player
2014-08-01 14:31 - 2014-06-30 17:55 - 00018792 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot.exe
2014-08-01 14:28 - 2014-08-01 14:28 - 00648896 _____ (Bechiro-Installer · sl) C:\Users\Manfred\Downloads\AdwCleaner.exe
2014-08-01 14:27 - 2014-08-04 19:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 14:26 - 2014-08-01 14:26 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-01 14:26 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-01 14:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-01 14:20 - 2014-08-01 14:20 - 00700980 _____ () C:\Users\Manfred\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2014-08-01 14:19 - 2014-08-01 14:19 - 00538220 _____ () C:\Users\Manfred\Downloads\noscript-2.6.8.36.xpi.zip
2014-08-01 14:18 - 2014-08-01 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-01 14:17 - 2014-08-01 14:17 - 05329480 _____ (Secunia) C:\Users\Manfred\Downloads\PSISetup_3.0.0.9016.exe
2014-08-01 14:11 - 2014-08-01 14:11 - 00001114 _____ () C:\DelFix.txt
2014-08-01 14:11 - 2014-08-01 14:11 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-08-04 19:42 - 00030228 _____ () C:\WINDOWS\PFRO.log
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-28 11:37 - 2014-07-28 11:38 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:46 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-12 06:55 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-12 06:54 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-12 06:54 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-12 06:54 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-12 06:54 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-12 06:54 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-12 06:54 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-12 06:54 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-12 06:54 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-12 06:54 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-12 06:54 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-12 06:54 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-12 06:54 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-12 06:54 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-12 06:54 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-12 06:54 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-12 06:54 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-12 06:54 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-12 06:54 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-12 06:54 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-12 06:54 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-12 06:54 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 06:54 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-12 06:54 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-12 06:54 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-12 06:54 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-12 06:54 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-12 06:54 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-12 06:54 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-12 06:54 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-12 06:54 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 19:49 - 2014-08-02 15:58 - 00011425 _____ () C:\Users\Manfred\Downloads\FRST.txt
2014-08-04 19:49 - 2014-08-02 15:57 - 00000000 ____D () C:\FRST
2014-08-04 19:45 - 2014-08-04 19:45 - 00006582 _____ () C:\Users\Manfred\Desktop\mbam.txt
2014-08-04 19:44 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Local\IScreeny
2014-08-04 19:44 - 2014-06-23 09:03 - 00000000 __RDO () C:\Users\Manfred\OneDrive
2014-08-04 19:43 - 2014-08-01 14:27 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 19:42 - 2014-07-31 12:14 - 00030228 _____ () C:\WINDOWS\PFRO.log
2014-08-04 19:42 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-04 19:42 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-04 19:40 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Systweak
2014-08-04 19:40 - 2014-08-01 14:31 - 00000000 ____D () C:\ProgramData\Systweak
2014-08-04 19:36 - 2014-06-22 15:30 - 01385383 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 19:36 - 2013-03-25 10:29 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-04 19:32 - 2014-08-04 19:32 - 01361309 _____ () C:\Users\Manfred\Downloads\adwcleaner_3.302.exe
2014-08-04 19:31 - 2014-05-06 12:29 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\HpUpdate
2014-08-04 19:25 - 2014-08-04 19:25 - 00001880 _____ () C:\Program Files\Right Backupsmartbackuprules.xmluzvf2qat.d4r.xml_
2014-08-04 19:25 - 2014-08-04 19:25 - 00000000 ____D () C:\Program Files\Right Backup
2014-08-04 19:25 - 2014-08-04 19:20 - 00001020 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-08-04 19:25 - 2014-08-04 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-08-04 19:21 - 2014-08-04 19:21 - 00001313 _____ () C:\AdwCleaner[S3].txt
2014-08-04 19:21 - 2014-08-04 19:21 - 00001249 _____ () C:\AdwCleaner[R3].txt
2014-08-04 19:20 - 2014-08-04 19:20 - 00581957 _____ () C:\Users\Manfred\Desktop\adwcleaner-1.606-en(1).exe
2014-08-04 19:20 - 2014-08-04 19:20 - 00000000 ____D () C:\rbtemp
2014-08-04 19:20 - 2014-08-01 14:31 - 00001034 _____ () C:\Users\Manfred\Desktop\FLVM Player.lnk
2014-08-04 19:13 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-04 11:07 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-04 10:59 - 2014-08-02 15:58 - 00031427 _____ () C:\Users\Manfred\Downloads\Addition.txt
2014-08-03 16:14 - 2014-06-22 16:05 - 00000000 ___DC () C:\WINDOWS\Panther
2014-08-03 16:13 - 2014-08-03 16:13 - 00001190 _____ () C:\AdwCleaner[S2].txt
2014-08-03 16:12 - 2014-08-03 16:12 - 00001125 _____ () C:\AdwCleaner[R2].txt
2014-08-02 16:17 - 2014-08-02 13:16 - 00000000 ____D () C:\Users\Manfred\Documents\Male-Ware
2014-08-02 15:56 - 2014-08-02 15:56 - 01084928 _____ (Farbar) C:\Users\Manfred\Downloads\FRST.exe
2014-08-01 15:27 - 2014-08-01 14:31 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-08-01 15:24 - 2014-08-01 15:24 - 00001207 _____ () C:\AdwCleaner[S1].txt
2014-08-01 15:23 - 2014-08-01 15:23 - 00001040 _____ () C:\AdwCleaner[R1].txt
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\Documents\Optimizer Pro
2014-08-01 14:37 - 2014-08-01 14:37 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Optimizer Pro
2014-08-01 14:31 - 2014-08-01 14:31 - 00581957 _____ () C:\Users\Manfred\Desktop\adwcleaner-1.606-en.exe
2014-08-01 14:31 - 2014-08-01 14:31 - 00001032 _____ () C:\Users\Manfred\Desktop\Optimizer Pro.lnk
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\VOPackage
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IScreeny
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-01 14:31 - 2014-08-01 14:31 - 00000000 ____D () C:\Program Files\FLVM Player
2014-08-01 14:28 - 2014-08-01 14:28 - 00648896 _____ (Bechiro-Installer · sl) C:\Users\Manfred\Downloads\AdwCleaner.exe
2014-08-01 14:26 - 2014-08-01 14:26 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 14:26 - 2014-08-01 14:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-01 14:20 - 2014-08-01 14:20 - 00700980 _____ () C:\Users\Manfred\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2014-08-01 14:19 - 2014-08-01 14:19 - 00538220 _____ () C:\Users\Manfred\Downloads\noscript-2.6.8.36.xpi.zip
2014-08-01 14:18 - 2014-08-01 14:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-01 14:17 - 2014-08-01 14:17 - 05329480 _____ (Secunia) C:\Users\Manfred\Downloads\PSISetup_3.0.0.9016.exe
2014-08-01 14:13 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-01 14:11 - 2014-08-01 14:11 - 00001114 _____ () C:\DelFix.txt
2014-08-01 14:11 - 2014-08-01 14:11 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 14:02 - 2013-11-15 12:12 - 00000000 ____D () C:\Users\Manfred\Downloads\bis November 2013
2014-07-31 21:28 - 2014-07-31 21:28 - 00009457 _____ () C:\Users\Manfred\Downloads\Eset.txt
2014-07-31 12:35 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\IME
2014-07-31 12:20 - 2014-07-31 12:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 12:19 - 2014-07-31 12:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 12:14 - 2014-01-26 12:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-31 11:47 - 2012-07-26 06:17 - 00000269 _____ () C:\WINDOWS\win.ini
2014-07-31 10:52 - 2014-01-26 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-30 12:02 - 2014-07-30 12:02 - 00000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-07-29 14:14 - 2014-07-29 14:14 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00001117 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-29 14:14 - 2014-07-29 14:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-29 14:14 - 2014-06-19 10:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-28 11:38 - 2014-07-28 11:37 - 32047680 _____ () C:\Users\Manfred\Downloads\Firefox_Setup_de31.0.exe
2014-07-26 11:52 - 2013-09-07 12:41 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2014-07-26 11:21 - 2013-05-10 08:50 - 00035848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-16 10:24 - 2013-09-10 17:30 - 00036152 _____ (TuneUp Software) C:\WINDOWS\system32\uxtuneup.dll
2014-07-16 10:24 - 2013-09-07 12:42 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2014-07-16 10:24 - 2013-09-07 12:42 - 00025400 _____ (TuneUp Software) C:\WINDOWS\system32\authuitu.dll
2014-07-15 10:12 - 2014-07-15 10:12 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe
2014-07-15 06:45 - 2013-03-25 18:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 09:01 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-13 08:59 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-13 08:43 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-13 08:37 - 2013-08-22 09:22 - 00485264 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 12:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-07-12 12:34 - 2014-07-12 12:34 - 00093529 _____ () C:\Users\Manfred\Desktop\HP Installationsfehler beheben – Netzwerk.hta
2014-07-12 12:34 - 2014-05-06 12:28 - 00000000 ____D () C:\Program Files\HP
2014-07-12 12:33 - 2013-01-22 09:36 - 00000000 ____D () C:\Users\Manfred\Documents\Beihilfe
2014-07-12 11:51 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-12 11:50 - 2013-03-25 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:48 - 2014-07-12 11:48 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 11:48 - 2013-08-17 13:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-12 11:47 - 2013-03-27 17:25 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-12 11:46 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 11:45 - 2014-07-12 11:45 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieUserList
2014-07-09 10:59 - 2014-07-09 10:59 - 00000000 __SHD () C:\Users\Manfred\AppData\Local\EmieSiteList

Some content of TEMP:
====================
C:\Users\Manfred\AppData\Local\Temp\avgnt.exe
C:\Users\Manfred\AppData\Local\Temp\optprosetup.exe
C:\Users\Manfred\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-04 11:07

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by Manfred at 2014-08-04 19:49:53
Running from C:\Users\Manfred\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0F01}) (Version: 12.15.1.462 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Content Manager 2 (HKLM\...\Content Manager 2) (Version: 3.10.0.52790 - NNG Llc.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2718 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
FLV Player (remove only) (HKLM\...\FLVM Player) (Version:  - )
Free Audio Converter version 5.0.23.320 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 7.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{8A7CB3D4-0C49-4A19-8504-CF250CE1F5E8}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
IScreeny (HKLM\...\IScreeny) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x86__8wekyb3d8bbwe (x86) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4398 - Systweak Software)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft)
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{FC16C025-71D3-430F-BE61-B7E713E5B582}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WEB.DE Club SmartFax (HKLM\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2440249-1944230807-1698688370-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

01-08-2014 12:11:25 Ende der Bereinigung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0064A4EB-6388-4C48-81C6-99746DEA4A8E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03DE1924-3FE1-4D64-9AFA-83BE2B67843E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software)
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {2E5E8DAF-5F7B-4DD0-B6D9-6154B1A6CA1D} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {678555FD-A992-4622-BCCB-A89F836C2CAE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {6F1AFD8C-CB70-41E7-80F0-01A59B7CD6FE} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro\OptProLauncher.exe [2014-07-29] (PC Utilities Software Limited) <==== ATTENTION
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {7CCE08F4-EC9E-4612-99CC-D857CD214A0A} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28] (Nuance Communications, Inc.)
Task: {878152FD-CF01-4496-B6A4-307C86FA8CE0} - System32\Tasks\Right Backup_startup => C:\Program Files\Right Backup\RightBackup.exe [2014-07-11] (Systweak)
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {B6DFC327-E4D4-468C-A071-D458EC30ADBF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {D0D89717-A835-4D84-B01D-033DAF3717CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {D6A010E0-28C2-4360-B06D-6DB72C548BFD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E6A82C08-8490-4083-9271-DEB458C010CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EF3CB7C8-BE78-4F7D-90D1-123882E38108} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-01 14:37 - 2014-08-01 14:37 - 03475912 _____ () c:\Program Files\Optimizer Pro\OptProCrash.dll
2014-08-04 19:25 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files\Right Backup\System.Data.SQLite.dll
2013-04-06 12:24 - 2010-06-29 23:14 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-06-04 08:54 - 2014-06-04 08:54 - 00109000 _____ () C:\Users\Manfred\AppData\Local\IScreeny\nfapi.dll
2014-06-04 08:54 - 2014-06-04 08:54 - 00334280 _____ () C:\Users\Manfred\AppData\Local\IScreeny\ProtocolFilters.dll
2014-07-29 14:14 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Manfred\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run: => "OpwareSE4"
HKLM\...\StartupApproved\Run: => "CLMLServer"
HKLM\...\StartupApproved\Run: => "YouCam Mirror Tray icon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "HP Software Update"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2014 07:20:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6f4090df
ID des fehlerhaften Prozesses: 0x82c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_14_0_0_145.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_14_0_0_145.exe5

Error: (08/04/2014 07:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe, Version: 14.0.0.145, Zeitstempel: 0x53aa1aea
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x020f4fa0
ID des fehlerhaften Prozesses: 0x82c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_14_0_0_145.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_14_0_0_145.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_14_0_0_145.exe2
Berichtskennung: FlashPlayerPlugin_14_0_0_145.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_14_0_0_145.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_14_0_0_145.exe5

Error: (08/04/2014 11:10:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/03/2014 04:15:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17039 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a0

Startzeit: 01cfaf2547606c8c

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 9a8476be-1b18-11e4-afca-00262dc0dc29

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/04/2014 07:25:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RBClientService" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/04/2014 07:24:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RBClientService" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/04/2014 07:21:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RBClientService" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/04/2014 07:21:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/04/2014 07:21:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/04/2014 07:21:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/04/2014 07:21:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/04/2014 07:21:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/04/2014 07:21:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/04/2014 07:21:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Optimizer Pro Crash Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (08/04/2014 07:20:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaunknown0.0.0.000000000c00000056f4090df82c01cfb0085aaca9d4C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeunknown9a3159b0-1bfb-11e4-afca-00262dc0dc29

Error: (08/04/2014 07:20:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_14_0_0_145.exe14.0.0.14553aa1aeaunknown0.0.0.000000000c00001a5020f4fa082c01cfb0085aaca9d4C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exeunknown98d06ca3-1bfb-11e4-afca-00262dc0dc29

Error: (08/04/2014 11:10:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2540 series\DriverStore\Yeti\V3\amd64\hpinkinsC211.exe

Error: (08/03/2014 04:15:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.170398a001cfaf2547606c8c0C:\WINDOWS\Explorer.EXE9a8476be-1b18-11e4-afca-00262dc0dc29

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10806110

Error: (08/03/2014 01:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33167515

Error: (08/03/2014 10:08:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 2934.6 MB
Available physical RAM: 1753.36 MB
Total Pagefile: 3446.6 MB
Available Pagefile: 2024.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.73 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:391.32 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:21.5 GB) NTFS
Drive i: (Elements) (Fixed) (Total:931.28 GB) (Free:702.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 19:53 on 04/08/2014 by Manfred
Administrator - Elevation successful

========== filefind ==========

Searching for "*IScreeny*"
C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe	--a---- 1170888 bytes	[11:56 20/06/2014]	[11:56 20/06/2014] 8930CC4BCF47A5D0F86F89286523D2D0
C:\Users\Manfred\AppData\Local\IScreeny\IScreenyHelper.exe	--a---- 173728 bytes	[05:14 02/07/2014]	[05:14 02/07/2014] AB5D62C478369E395AE558F147FE7ED2
C:\Users\Manfred\AppData\Local\Microsoft\Windows\INetCache\IE\1DFJ48FO\IScreenySetup[1].exe	--a---- 2350080 bytes	[12:31 01/08/2014]	[12:31 01/08/2014] EA470999354126CE5835E4F62ED98F14
C:\Users\Manfred\AppData\Local\Temp\n8272\iScreenyInstall_0807-b7266691.exe	--a---- 170632 bytes	[12:31 01/08/2014]	[12:31 01/08/2014] FF988AF505FDBF6031F76B3683B99CB3
C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IScreeny\IScreeny.lnk	--a---- 1119 bytes	[12:31 01/08/2014]	[12:31 01/08/2014] A8CBD93A386B9FFA3E7F0EEC6B9B023C
C:\Windows\iscreenyfilter.sys	--a---- 41632 bytes	[05:40 25/06/2014]	[05:40 25/06/2014] 373FD16D19F14EFB6B311490C389F2DA
C:\Windows\Prefetch\ISCREENY.EXE-3CC832B8.pf	--a---- 16920 bytes	[08:00 02/08/2014]	[08:00 02/08/2014] 05402A37D5E5ADF04270DF97DCD7382A
C:\Windows\Prefetch\ISCREENYHELPER.EXE-9D48C010.pf	--a---- 41268 bytes	[08:00 02/08/2014]	[17:44 04/08/2014] F70B8B6AB192E26924CBEEAFA69B25F8

========== folderfind ==========

Searching for "*IScreeny*"
C:\Users\Manfred\AppData\Local\IScreeny	d------	[12:31 01/08/2014]
C:\Users\Manfred\AppData\Local\IScreeny\iscreenyfilterTemp	d------	[12:31 01/08/2014]
C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IScreeny	d------	[12:31 01/08/2014]

========== regfind ==========

Searching for "IScreeny"
[HKEY_CURRENT_USER\Software\IScreeny]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IScreeny"="C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IScreenyUpdater"="C:\Users\Manfred\AppData\Local\IScreeny\Updater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\IScreeny]
[HKEY_LOCAL_MACHINE\SOFTWARE\IScreeny]
@="C:\Users\Manfred\AppData\Local\IScreeny"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IScreeny]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IScreeny]
"DisplayName"="IScreeny"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IScreeny]
"UninstallString"="C:\Users\Manfred\AppData\Local\IScreeny\uninstall.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iscreenyfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iscreenyfilter]
"ImagePath"="iscreenyfilter.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iscreenyfilter]
"DisplayName"="iscreenyfilter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iscreenyfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iscreenyfilter]
"ImagePath"="iscreenyfilter.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iscreenyfilter]
"DisplayName"="iscreenyfilter"
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\IScreeny]
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"IScreeny"="C:\Users\Manfred\AppData\Local\IScreeny\IScreeny.exe"
[HKEY_USERS\S-1-5-21-2440249-1944230807-1698688370-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"IScreenyUpdater"="C:\Users\Manfred\AppData\Local\IScreeny\Updater.exe"

-= EOF =-

Alt 05.08.2014, 10:08   #26
M-K-D-B
/// TB-Ausbilder
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Zitat:
Zitat von pfaumanfred Beitrag anzeigen
# Running from : C:\Users\Manfred\Desktop\adwcleaner-1.606-en(1).exe
Sowas tut echt echt weh, wenn ich das sehe... du scannst mit AdwCleaner 1.6, aktuell ist 3.3... dann nimmst du noch eine englische Version anstatt die deutsche von dem Link, den ich dir gebe... tut mir Leid, aber ich kann echt nicht mehr nachvollziehen, was so schwer ist, den Anleitungen genau zu folgen...


Du hast dich schon wieder mit Adware infiziert... eine Bereinigung macht keinen Sinn, wenn du einfach "blind" irgendwas installierst und dich nicht an die Anleitungen hältst.

Eine vollständige Bereinigung macht hier keinen Sinn, daher empfehle ich dir eine Neuinstallation.



Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Alt 05.08.2014, 13:28   #27
pfaumanfred
 
internet verselbstständigt! - Standard

internet verselbstständigt!


Tut mir leid, habe mich doch ansonsten an die Anweisungen gehalten. Weiß auch nicht woher der alte AdwCleaner kam. Habs dann auch gemerkt, da war es schon zu spät.

Na dann,
Gruß Manfred

Antwort
Seite 2 von 2 1 2

Themen zu internet verselbstständigt!
msil/browsefox.e, msil/browsefox.g, pup.optional.appinstaller, pup.optional.downloader, pup.optional.iminent.a, pup.optional.netcrawl.a, pup.optional.outbrowse, pup.optional.regcleanerpro.a, pup.optional.systemspeedup, tabs mit werbung, win32/adware.yontoo, win32/browsefox.c, win32/browsefox.f, win32/browsefox.h, win32/browsefox.i, win32/browsefox.j, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.d, win32/bundled.toolbar.ask.e, win32/bundled.toolbar.ask.f, win32/bundled.toolbar.ask.g, win32/domaiq.c, win32/systweak.d, win32/toolbar.conduit, win32/toolbar.conduit.a, win32/toolbar.conduit.b


« Viel Werbung, Internetseiten öffnen sich automatisch | proxyserver blockiert Internetzugriff fast aller programme »


Ähnliche Themen: internet verselbstständigt!


  1. Windows updates sagen immer fehler beim instalieren, internet unterbrochen obwohl internet da ist ,
    Alles rund um Windows - 30.07.2015 (2)
  2. Cyber Crime - Blockierung im Internet, komme oft nicht ins Internet
    Diskussionsforum - 15.09.2014 (26)
  3. Hilfe Bitte. kein Internet über den Browser, obwohl eine Internet Verbindung besteht. ...
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (9)
  4. Internet Problem, 1 Pc zieht volle Internet Leistung!
    Log-Analyse und Auswertung - 14.11.2013 (10)
  5. Trojaner?Internet spackt rum (LoL,Skype,Internet-DC)
    Plagegeister aller Art und deren Bekämpfung - 26.12.2012 (3)
  6. Avast Web Schutz verhindert Internet-Zugang über Firefox/Internet Explorer
    Antiviren-, Firewall- und andere Schutzprogramme - 27.05.2011 (7)
  7. W-Lan und Lan finden internet, aber keine konnektivität zum Internet.
    Plagegeister aller Art und deren Bekämpfung - 17.01.2011 (22)
  8. Kann nur mit dem Internet Explorer ins Internet, Antivirenprogramm aktuallisiert sich nicht
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (11)
  9. Temporary Internet Files (Cache) füllt sich, ohne das ich im Internet etwas mache
    Log-Analyse und Auswertung - 06.07.2010 (21)
  10. Internet Explorer und Firefox kommen nicht ins Internet
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (71)
  11. Mausrad verselbstständigt sich wegen virus/trojan
    Netzwerk und Hardware - 14.11.2009 (1)
  12. Internet langsam und zu reagiert das Internet und Outlook nicht mehr
    Log-Analyse und Auswertung - 27.08.2009 (37)
  13. internet seitenaufbau total langsam,internet aktivität zu hoch.
    Plagegeister aller Art und deren Bekämpfung - 03.12.2008 (0)
  14. Internet Explorer hängt, Internet Probleme!
    Log-Analyse und Auswertung - 26.11.2008 (1)
  15. internet geht zäh, internet windows explorer spinnt
    Log-Analyse und Auswertung - 20.11.2008 (20)
  16. GData Internet Security 2007 und installiert und der Internet Explorer läuft nicht
    Antiviren-, Firewall- und andere Schutzprogramme - 25.01.2007 (1)
  17. iexplore.exe (NICHT Internet Explorer) versucht auf das Internet zuzugreifen!
    Plagegeister aller Art und deren Bekämpfung - 11.04.2006 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema internet verselbstständigt! - Zitat: Zitat von pfaumanfred Habe als Programm den Advance System Protector gekauft Du weißt, dass "Advances System Protector" eine schädliche Software / Adware / Werbesoftware ist? Darf ich fragen, warum - internet verselbstständigt!...
Archiv
Du betrachtest: internet verselbstständigt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129