Trojaner-Board - VirTool:Win32/Obfuscator.ALA

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - VirTool:Win32/Obfuscator.ALA (https://www.trojaner-board.de/159334-virtool-win32-obfuscator-ala.html)

Code:

HitmanPro 3.7.9.225

www.hitmanpro.com
 

   Computer name . . . . : MARION-PC

   Windows . . . . . . . : 6.1.1.7601.X64/4

   User name . . . . . . : Marion-PC\Marion

   UAC . . . . . . . . . : Enabled

   License . . . . . . . : Free
 

   Scan date . . . . . . : 2014-10-03 14:58:28

   Scan mode . . . . . . : Normal

   Scan duration . . . . : 8m 1s

   Disk access mode  . . : Direct disk access (SRB)

   Cloud . . . . . . . . : Internet

   Reboot  . . . . . . . : No
 

   Threats . . . . . . . : 9

   Traces  . . . . . . . : 39
 

   Objects scanned . . . : 1.338.226

   Files scanned . . . . : 20.362

   Remnants scanned  . . : 287.163 files / 1.030.701 keys
 

Malware _____________________________________________________________________
 

   C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp\termtutor-setup-1.9.0.8.exe

      Size . . . . . . . : 1.104.088 bytes

      Age  . . . . . . . : 0.1 days (2014-10-03 13:45:23)

      Entropy  . . . . . : 7.8

      SHA-256  . . . . . : C90802B073D4E2DB8529B1A777C32B7A9F35A6281918A37A3F1789DD3D111904

      Needs elevation  . : Yes

      Product  . . . . . : Term Tutor

      Publisher  . . . . : Term Tutor

      Description  . . . : Term Tutor Setup

      Version  . . . . . : 1.9.0.8

      RSA Key Size . . . : 2048

      LanguageID . . . . : 0

      Authenticode . . . : Valid

    > Bitdefender  . . . : Adware.Vitruvian.A

      Fuzzy  . . . . . . : 103.0

      Forensic Cluster

         -144.0s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000192

         -134.8s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000193

         -106.5s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000194

         -92.0s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000195

         -71.6s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000196

         -65.5s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000197

         -62.4s C:\Users\Marion\Desktop\FileOpenerSetup.exe

         -56.2s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000198

         -51.0s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_000199

         -47.5s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_00019a

         -41.0s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_F54700C2D01A2603C5E39160B737AF90

         -41.0s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_F54700C2D01A2603C5E39160B737AF90

         -16.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\

         -15.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755580_stp.EXE.part

         -14.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp.CIS

         -14.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp.CIS

         -13.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Yes_Button[1].png

         -13.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\declineBG[1].png

         -13.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp.CIS

         -13.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Yes_Button_Hover[1].png

         -13.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\No_Button[1].png

         -13.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\No_Button_Hover[1].png

         -13.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Taderonadan[1].png

         -13.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Lilisipipe[1].png

         -13.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Noseresel[1].png

         -13.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg1[1].png

         -13.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg2[1].png

         -12.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\bg3[1].png

         -12.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp.CIS

         -11.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp.CIS.part

         -11.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp.CIS

         -11.5s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp.CIS.part

         -11.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp\

         -11.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755624_stp\RAM.dll

         -11.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\IE_logo[1].png

         -11.1s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp.CIS.part

         -11.1s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp.CIS

         -11.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\CH_logo[1].png

         -10.5s C:\Users\Marion\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BD7WXA7U\hub.freshmilk.tv\analytics.sol

         -10.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\FF_logo[1].png

         -10.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp\

         -10.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755716_stp\Sept30_cor_sweet-page.exe

         -10.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Sys_CPC_FR_GG-TYP_5853_All_All_300_JuneBlack_LP2_30622_fc[1].gif

         -9.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Sasatagete[1].PNG

         -9.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\blank[1].gif

         -9.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Sasatagete_v9[1].png

         -9.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp.CIS.part

         -9.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\BG[1].png

         -8.7s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp.CIS.part

         -8.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Logo_Bisli[1].png

         -8.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Sesakesaye_bisli[1].png

         -7.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Pepeseped_dark[1].png

         -6.6s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Pepeseped_steps[1].png

         -5.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp\

         -5.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp\icc.dll

         -5.2s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755687_stp\sqlite3.dll

         -5.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\logo[1].png

         -4.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Nafidiri[1].png

         -4.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Ropopi_Title[1].png

         -4.7s C:\Users\Marion\AppData\Local\Temp\icc_051186061212\

         -4.4s C:\Program Files (x86)\Tweaks\FileOpener\

         -4.4s C:\Program Files (x86)\Tweaks\FileOpener\fileopener.exe

         -4.4s C:\Program Files (x86)\Tweaks\

         -4.4s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp.CIS.part

         -4.4s C:\Program Files (x86)\Tweaks\FileOpener\7z.dll

         -4.4s C:\Program Files (x86)\Tweaks\FileOpener\uninstall.exe

         -4.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Nobaxotat_logo[1].png

         -4.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Gegogego[1].png

         -4.2s C:\Users\Public\Desktop\FileOpener.lnk

         -4.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener\

         -4.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener\FileOpener.lnk

         -4.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener\uninstall.lnk

         -3.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\Gegogego_Bisli[1].png

         -3.6s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Memiticeper_BG[1].png

         -3.1s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Memiticeper_BG_BR[1].png

         -1.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\logo[1].png

         -1.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\logo_new[1].png

         -0.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Rerarapepe3[1].jpg

         -0.8s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Rerarapepe[1].png

         -0.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\Rerarapepe_b[1].png

         -0.3s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\MagerogomENv1[1].jpg

         -0.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp\

          0.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755810_stp\termtutor-setup-1.9.0.8.exe

          0.4s C:\Users\Marion\AppData\Local\Temp\A70348E2-551D-478E-84FD-4096F000EB70

          0.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\MagerogomENv2[1].jpg

          0.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\Tasapara2[1].jpg

          1.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp\

          1.0s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755997_stp\uninstaller.exe

          1.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg1[1].jpg

          1.5s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\bg2[1].jpg

          3.7s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\Fidamidifip[1].png

          4.8s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp\

          4.8s C:\Users\Marion\AppData\Local\Temp\is1242154493\16755888_stp\rcpsetup_adppi15_adppi15.exe

          5.7s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_00019b

          7.8s C:\Users\Marion\AppData\Local\Temp\D94CB95F.TMP

          9.2s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\info[1]

          9.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\plus[1]

         12.4s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E6RSBQUK\WDCXWD10EZEX-00KUWA0_WD-WCC1S725322953229[1].htm

         13.1s C:\Users\Marion\AppData\Local\Temp\vitruvian-installer-processes-v0001

         14.0s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DV5PN6HF\1[1].zip

         14.8s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F

         14.8s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\625CAE97BFD1E01FDB89C9A05AC2BECD_8D5E1C0C7C84533580B18D34134C047F

         15.2s C:\Users\Marion\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001

         15.7s C:\Program Files\TermTutor\

         15.7s C:\Program Files\TermTutor\IE\

         16.2s C:\Windows\Temp\SSL\

         16.2s C:\Users\Marion\AppData\Local\Temp\vitruvian-installer-install-v0001

         16.4s C:\Users\Marion\AppData\Local\Temp\install

         17.9s C:\Users\Marion\AppData\Local\Opera Software\Opera Stable\Cache\f_00019c

         21.9s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN765JAJ\WDCXWD10EZEX-00KUWA0_WD-WCC1S725322953229[1].htm

         32.7s C:\Users\Marion\AppData\Local\Temp\FBFDE863-3C17-4B82-A5D1-9B8ED5BE6B40.tmp

         33.6s C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUV8ERE9\2[1].zip

         34.3s C:\ProgramData\Systweak\

         34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\

         34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector.lnk

         34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Register Advanced-System Protector.lnk

         34.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector Trouble Shooter.lnk

         34.8s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector\Advanced-System Protector entfernen.lnk

         35.9s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54

         35.9s C:\Users\Marion\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_0C26894991291B0FB5E6A5B669582C54

         38.1s C:\Users\Marion\AppData\Local\Temp\38D3540D.TMP

         47.7s C:\Users\Marion\AppData\Local\Temp\WebDataJs
 
 

Suspicious files ____________________________________________________________
 

   C:\Users\Marion\Desktop\FRST64.exe

      Size . . . . . . . : 2.109.440 bytes

      Age  . . . . . . . : 0.2 days (2014-10-03 10:27:31)

      Entropy  . . . . . : 7.5

      SHA-256  . . . . . : E1B58F8F8E207B8F72F6E51325D749230850C51347BF3D841E6E89E3F705C316

      Needs elevation  . : Yes

      Fuzzy  . . . . . . : 24.0

         Program has no publisher information but prompts the user for permission elevation.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Time indicates that the file appeared recently on this computer.
 
 

Malware remnants ____________________________________________________________
 

   Google Chrome.lnk

   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\
 

   sweet-page

   C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Web Data
 

   Google Chrome.lnk

   C:\Users\Marion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
 

   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)

   HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\ (Hijacker)

   HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\ (Hijacker)

   HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command\ (Hijacker)

   HKLM\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\OperaStable\shell\open\command\ (Hijacker)
 

Potential Unwanted Programs _________________________________________________
 

   C:\ProgramData\APN\ (AskBar)

   C:\ProgramData\Systweak\ (Systweak)

   C:\Users\Marion\AppData\Roaming\Systweak\ (Systweak)

   C:\Users\Marion\Documents\Optimizer Pro\ (PCOptimizerPro)

   C:\Users\Marion\Documents\Optimizer Pro\CookiesException.txt (PCOptimizerPro)

   HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\ (RegClean Pro)

   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)

   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro\ (RegClean Pro)

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32\ (AdvSysProtector)

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS\ (AdvSysProtector)

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32\ (BrowserSafeguard)

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS\ (BrowserSafeguard)

   HKLM\SOFTWARE\Wow6432Node\Systweak\ (AdvSysProtector)

   HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player)

   HKLM\SOFTWARE\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}\ (FLV Player)

   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

   HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)

   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

   HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)

   HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)

   HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Optimizer Pro\ (PCOptimizerPro)

   HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Softonic\ (Softonic)

   HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Systweak\ (AdvSysProtector)

:wtf: komisches Log irgendwie...

Code:

2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe

Upps...deswegen gibts kein Adwcleaner-Log :D

Schritt 1

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

CloseProcesses: 

HKLM\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)

C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe

HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)

C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe

HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe [171520 2013-06-10] (Faronics Corporation)

C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe 

HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION 

C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Task: {85F3EB34-4F79-4AD8-BFB5-B1650AD0535E} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION

C:\Program Files (x86)\MyPC Backup

S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]

S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]

S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]

S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]

S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]

S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]

S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]

S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]

S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]

S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]

S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]

S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]

S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]

S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]

S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]

S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]

2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq

2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu

2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx

2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg

2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny

2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc

2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl

2014-09-25 10:41 - 2014-10-03 14:27 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak

2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii

2014-09-25 09:32 - 2014-10-03 14:31 - 00000000 ____D () C:\ProgramData\evg

2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt

2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup

Folder: C:\Users\Marion\AppData\Roaming\10tons

2014-10-03 13:46 - 2014-10-03 13:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\1H1Q

2014-10-03 13:45 - 2014-10-03 14:27 - 00000000 ____D () C:\ProgramData\Systweak

2014-10-03 13:45 - 2014-10-03 13:56 - 00001157 _____ () C:\Users\Public\Desktop\FileOpener.lnk

2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener

2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector

2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files\TermTutor

2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaks

2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe

EmptyTemp:

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Nach dem Reboot bitte das Log posten und dann:

Dateien hochladen:

Link zum Upload-Channel.
Deaktiviere Dein Anti-Viren-Programm.
Gehe zum Ordner C:\FRST\Quarantine.
Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
Klicke auf der Seite des Upload-Channels auf http://deeprybka.trojaner-board.de/b...upload%203.PNG
Kopiere folgende Zeile(n) in das Dateiname-Feld und anschließend jeweils auf Öffnen.

Code:

C:\FRST\Quarantine.zip

Bitte um Rückmeldung ob es geklappt hat! ;)
Danke für Deine Hilfe!

Diesmal den richtigen Adwcleaner laden...:) http://www.trojaner-board.de/157635-...s-richtig.html
Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Du das tu ich nicht, das war die Datei die ich vorhin herunterladen sollte, deswegen hatte ich mich auch gewundert warum die Text-Datei nicht auf ging als der Computer neu gestartet war

Kein Problem! :abklatsch:
Hab den Baustein auf dem Handy noch nicht aktualisiert. :stirn:
Sonst wäre das beim 1. Post dabei gewesen. http://www.trojaner-board.de/157635-...s-richtig.html

Ich habe nun die Datei abgespeichert unter FRST. Wenn ich dann auf Fix gehe, steht NO FIXLIST.TXT FOUND, the fixlist.txt should be in the same folder/directory the tool is located

Du musst sie auf den Desktop abspeichern. ;)

Code:

Running from C:\Users\Marion\Desktop

lach, du machst mich fertig ;)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Marion at 2014-10-03 16:31:57 Run:1
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
*****************

C:\Users\Marion\Desktop\FileOpenerSetup.exe => Moved successfully.

==== End of Fixlog ====

Und Du mich erst...:D

Bitte die Datei auf den Desktop laden und Schritt 1 wiederholen. :)

Das mit der Zip-Datei hat geklappt ;)

Ja, aber bitte das machen was ich oben geschrieben habe. Du hast die falsche fixlist gemacht. Meine bitte runterladen und Fix wiederholen, zip- bitte wieder hochladen.

Tut mir leid daß ich dich so stresse, das ist keine Absicht :)

Sorry jetzt komm ich nicht mehr mit, ich hatte doch die kopiert die du mir geschickt hast

Diese Datei bitte auf den Desktop ablegen (also runterladen und vom Download-Verzeichnis auf den Desktop kopieren) dann FRST-Fix wiederholen. Nach dem Reboot zip hochladen und weiter mit den nächsten Schritten.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Marion at 2014-10-03 17:00:04 Run:4
Running from C:\Users\Marion\Desktop
Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [accessibility_api] => C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe [175616 2013-03-07] (American Megatrends, Inc)
C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe [171520 2013-06-10] (Faronics Corporation)
C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Winlogon: [Shell] C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe,explorer.exe <==== ATTENTION
C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {85F3EB34-4F79-4AD8-BFB5-B1650AD0535E} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
S1 ddoiigbx; \??\C:\Windows\system32\drivers\ddoiigbx.sys [X]
S3 DIRECTIO; \??\UNC\srv1c027-b.wds8-b.intern\reminst\Test\BitPro64\DirectIo.sys [X]
S1 fsmsnfwt; \??\C:\Windows\system32\drivers\fsmsnfwt.sys [X]
S1 ihnucalu; \??\C:\Windows\system32\drivers\ihnucalu.sys [X]
S1 itcwrofb; \??\C:\Windows\system32\drivers\itcwrofb.sys [X]
S1 jmkcmoxh; \??\C:\Windows\system32\drivers\jmkcmoxh.sys [X]
S1 lacwkzcs; \??\C:\Windows\system32\drivers\lacwkzcs.sys [X]
S1 lfjdnuqm; \??\C:\Windows\system32\drivers\lfjdnuqm.sys [X]
S1 nesesnma; \??\C:\Windows\system32\drivers\nesesnma.sys [X]
S1 nmwtxjbn; \??\C:\Windows\system32\drivers\nmwtxjbn.sys [X]
S1 nqhqxrbj; \??\C:\Windows\system32\drivers\nqhqxrbj.sys [X]
S1 ohryqmkp; \??\C:\Windows\system32\drivers\ohryqmkp.sys [X]
S1 pqtxhguf; \??\C:\Windows\system32\drivers\pqtxhguf.sys [X]
S1 rciklfqv; \??\C:\Windows\system32\drivers\rciklfqv.sys [X]
S1 rhjxtslu; \??\C:\Windows\system32\drivers\rhjxtslu.sys [X]
S1 tvmeatie; \??\C:\Windows\system32\drivers\tvmeatie.sys [X]
2014-09-29 11:20 - 2014-10-01 11:40 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Dfsntdevjq
2014-09-27 15:20 - 2014-09-29 11:20 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Owuu
2014-09-27 09:19 - 2014-09-27 15:20 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Mdffocmx
2014-09-27 09:09 - 2014-09-29 11:34 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Rtpzgejllg
2014-09-26 17:49 - 2014-09-27 09:19 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Psny
2014-09-26 08:43 - 2014-09-26 23:15 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Ydllnepc
2014-09-26 08:29 - 2014-09-26 17:49 - 00000000 ___HD () C:\Users\Marion\AppData\Local\Rqhcinlpl
2014-09-25 10:41 - 2014-10-03 14:27 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Systweak
2014-09-25 09:43 - 2014-09-25 11:13 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Obfii
2014-09-25 09:32 - 2014-10-03 14:31 - 00000000 ____D () C:\ProgramData\evg
2014-09-25 09:31 - 2014-09-25 09:31 - 00000000 ___HD () C:\Users\Marion\AppData\Roaming\Xggt
2014-09-25 10:42 - 2014-09-25 10:42 - 00004030 _____ () C:\Windows\System32\Tasks\LaunchSignup
Folder: C:\Users\Marion\AppData\Roaming\10tons
2014-10-03 13:46 - 2014-10-03 13:46 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\1H1Q
2014-10-03 13:45 - 2014-10-03 14:27 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-03 13:45 - 2014-10-03 13:56 - 00001157 _____ () C:\Users\Public\Desktop\FileOpener.lnk
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 13:45 - 2014-10-03 13:45 - 00000000 ____D () C:\Program Files (x86)\Tweaks
2014-10-03 13:44 - 2014-10-03 13:44 - 00716656 _____ ( ) C:\Users\Marion\Desktop\FileOpenerSetup.exe
EmptyTemp:

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\accessibility_api => Value not found.
"C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe" => File/Directory not found.
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Microsoft\Windows\CurrentVersion\Run\\accessibility_api => Value not found.
"C:\ProgramData\Acronis\Acep\windows_sound_recorder\movie_maker\speed_dial\missed_call.exe" => File/Directory not found.
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\queue => value deleted successfully.
"C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe" => File/Directory not found.
HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\Program Files\Canon\MyPrinter\PL\32bit\app_bar\configuration.exe" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85F3EB34-4F79-4AD8-BFB5-B1650AD0535E}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
ddoiigbx => Service not found.
DIRECTIO => Service not found.
fsmsnfwt => Service not found.
ihnucalu => Service not found.
itcwrofb => Service not found.
jmkcmoxh => Service not found.
lacwkzcs => Service not found.
lfjdnuqm => Service not found.
nesesnma => Service not found.
nmwtxjbn => Service not found.
nqhqxrbj => Service not found.
ohryqmkp => Service not found.
pqtxhguf => Service not found.
rciklfqv => Service not found.
rhjxtslu => Service not found.
tvmeatie => Service not found.
"C:\Users\Marion\AppData\Local\Dfsntdevjq" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Owuu" => File/Directory not found.
"C:\Users\Marion\AppData\Local\Mdffocmx" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Rtpzgejllg" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Psny" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Ydllnepc" => File/Directory not found.
"C:\Users\Marion\AppData\Local\Rqhcinlpl" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Systweak" => File/Directory not found.
"C:\Users\Marion\AppData\Roaming\Obfii" => File/Directory not found.
C:\ProgramData\evg => Moved successfully.
"C:\Users\Marion\AppData\Roaming\Xggt" => File/Directory not found.
"C:\Windows\System32\Tasks\LaunchSignup" => File/Directory not found.

========================= Folder: C:\Users\Marion\AppData\Roaming\10tons ========================

2014-09-30 17:45 - 2014-09-30 17:45 - 0000000 ____D () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed
2014-09-30 17:45 - 2014-09-30 17:45 - 0000000 ____D () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed\profiles
2014-09-30 17:45 - 2014-10-01 09:46 - 0007827 _____ () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed\profiles\1.xml
2014-09-30 17:45 - 2014-09-30 17:46 - 0000463 _____ () C:\Users\Marion\AppData\Roaming\10tons\Sparkle_Unleashed\profiles\index.xml

====== End of Folder: ======

"C:\Users\Marion\AppData\Roaming\1H1Q" => File/Directory not found.
"C:\ProgramData\Systweak" => File/Directory not found.
"C:\Users\Public\Desktop\FileOpener.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector" => File/Directory not found.
"C:\Program Files\TermTutor" => File/Directory not found.
"C:\Program Files (x86)\Tweaks" => File/Directory not found.
"C:\Users\Marion\Desktop\FileOpenerSetup.exe" => File/Directory not found.
EmptyTemp: => Removed 93 KB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Naja, dreifach hält besser. ;)

Jetzt bitte die zip hochladen...

AdwCleaner Logfile:

Code:

# AdwCleaner v3.311 - Bericht erstellt am 03/10/2014 um 17:08:25

# Aktualisiert 30/09/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Marion - MARION-PC

# Gestartet von : C:\Users\Marion\Desktop\AdwCleaner_3.311.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Users\Marion\AppData\Roaming\quickclick

Ordner Gelöscht : C:\Users\Marion\Documents\Optimizer Pro

Datei Gelöscht : C:\Windows\System32\roboot64.exe
 

***** [ Tasks ] *****
 

Task Gelöscht : advanced-System Protector_startup

Task Gelöscht : RegClean Pro
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

Verknüpfung Desinfiziert : C:\Users\Marion\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command

Schlüssel Gelöscht : HKCU\Software\distromatic

Schlüssel Gelöscht : HKCU\Software\Optimizer Pro

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Schlüssel Gelöscht : HKLM\SOFTWARE\systweak

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17280
 
 

-\\ Google Chrome v37.0.2062.124
 

*************************
 

AdwCleaner[R0].txt - [5358 octets] - [03/10/2014 17:07:16]

AdwCleaner[S0].txt - [3995 octets] - [03/10/2014 17:08:25]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4055 octets] ##########

--- --- ---

die zip hab ich hochgeladen

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014

Ran by Marion (administrator) on MARION-PC on 03-10-2014 17:11:41

Running from C:\Users\Marion\Desktop

Loaded Profiles: Marion & Acronis Agent User (Available profiles: Marion & Acronis Agent User)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Hama GmbH & Co KG) C:\Program Files (x86)\Hama\Common\RaUI.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe

(Acronis) C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe

(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [383248 2010-11-30] (Acronis)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\RunOnce: [queue] => C:\ProgramData\Acronis\AgentService\movie_moments\toolbar\recover\e_mail.exe

HKU\S-1-5-21-3133097954-3543690179-3637798621-1000\...\MountPoints2: {9116d1a0-cc3a-11e3-bd1f-e03f491a4f5a} - I:\pushinst.exe

IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

IFEO\efficientstickynotes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk

ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)

Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Sticky Notes.lnk

ShortcutTarget: Efficient Sticky Notes.lnk -> C:\Program Files (x86)\Efficient Sticky Notes\EfficientStickyNotes.exe (Efficient Software)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - {E79E229F-F9AA-403C-9DCB-5BBD1D0B82B0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 

Chrome: 

=======

CHR Profile: C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]

CHR Extension: (Avira Browser Safety) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]

CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [1914768 2010-11-30] (Acronis)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)

S2 click; C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\privilege\basal_metabolic_rate.exe [175616 2014-05-14] (American Megatrends, Inc) [File not signed]

R2 DMS; C:\Program Files (x86)\Acronis\DiskDirectorAdvanced\mms.exe [4638352 2010-11-30] (Acronis)

S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)

S3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-03] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)

S1 axnsraer; \??\C:\Windows\system32\drivers\axnsraer.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-03 17:11 - 2014-10-03 17:11 - 00015264 _____ () C:\Users\Marion\Desktop\FRST.txt

2014-10-03 17:07 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-10-03 17:06 - 2014-10-03 17:08 - 00000000 ____D () C:\AdwCleaner

2014-10-03 17:05 - 2014-10-03 17:05 - 01375089 _____ () C:\Users\Marion\Desktop\AdwCleaner_3.311.exe

2014-10-03 15:07 - 2014-10-03 15:07 - 00037194 _____ () C:\Users\Marion\Desktop\HitmanPro_20141003_1507.log

2014-10-03 14:57 - 2014-10-03 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-10-03 14:56 - 2014-10-03 14:56 - 11194928 _____ (SurfRight B.V.) C:\Users\Marion\Desktop\HitmanPro_x64.exe

2014-10-03 14:08 - 2014-10-03 17:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-03 14:07 - 2014-10-03 14:07 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-03 14:07 - 2014-10-03 14:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-03 14:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-03 14:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-03 14:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-03 14:06 - 2014-10-03 14:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marion\Desktop\mbam-setup-2.0.2.1012.exe

2014-10-03 13:49 - 2014-10-03 17:09 - 00069236 _____ () C:\Windows\PFRO.log

2014-10-03 10:28 - 2014-10-03 17:11 - 00000000 ____D () C:\FRST

2014-10-03 10:27 - 2014-10-03 10:27 - 02109440 _____ (Farbar) C:\Users\Marion\Desktop\FRST64.exe

2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\VisualShape

2014-10-03 10:02 - 2014-10-03 10:02 - 00000000 ____D () C:\ProgramData\VisualShape

2014-10-03 09:52 - 2014-10-03 09:52 - 00001023 _____ () C:\Users\Public\Desktop\Farm to Fork Sammleredition.lnk

2014-10-03 09:06 - 2014-10-03 17:09 - 00000504 _____ () C:\Windows\setupact.log

2014-10-03 09:06 - 2014-10-03 09:06 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-01 10:53 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-01 10:53 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-09-30 17:45 - 2014-09-30 17:45 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\10tons

2014-09-27 11:41 - 2014-10-03 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-09-25 19:46 - 2014-09-25 19:46 - 00000975 _____ () C:\Users\Public\Desktop\Königliche Puzzle 2.lnk

2014-09-25 19:45 - 2014-09-25 19:45 - 00000967 _____ () C:\Users\Public\Desktop\Königliche Puzzle.lnk

2014-09-25 19:27 - 2014-09-25 19:27 - 00001031 _____ () C:\Users\Public\Desktop\Puzzle-Holiday Valentinstag.lnk

2014-09-25 18:55 - 2014-09-25 18:56 - 00000000 ____D () C:\Users\Marion\Desktop\Programme

2014-09-25 12:03 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-09-25 12:03 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-09-25 12:03 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-09-25 12:03 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-09-25 11:51 - 2014-09-25 11:50 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-09-25 11:50 - 2014-09-25 11:50 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-09-25 11:50 - 2014-09-25 11:50 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-09-25 11:50 - 2014-09-25 11:50 - 00000000 ____D () C:\Program Files\Java

2014-09-25 10:52 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Amazon

2014-09-25 10:49 - 2014-10-03 13:23 - 00001912 _____ () C:\Windows\epplauncher.mif

2014-09-25 10:41 - 2014-10-03 17:08 - 00001111 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

2014-09-25 10:29 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2014-09-25 10:29 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-09-25 10:29 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-09-25 10:29 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2014-09-25 10:29 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2014-09-25 10:29 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-09-25 10:29 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2014-09-25 10:29 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2014-09-25 10:29 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2014-09-25 10:29 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2014-09-25 10:29 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2014-09-25 10:29 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2014-09-25 10:29 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-09-25 10:29 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-09-25 10:29 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2014-09-25 10:29 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-09-25 10:28 - 2014-09-25 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-09-25 10:28 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-09-25 10:28 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2014-09-25 10:28 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys

2014-09-25 10:28 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2014-09-25 10:28 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2014-09-25 10:27 - 2014-09-25 10:27 - 00007605 _____ () C:\Users\Marion\AppData\Local\Resmon.ResmonCfg

2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-09-25 10:27 - 2014-09-25 10:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-09-25 10:26 - 2014-09-25 10:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf

2014-09-25 10:25 - 2014-09-25 10:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf

2014-09-25 10:12 - 2014-09-27 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-25 10:12 - 2014-09-25 10:12 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2014-09-25 10:12 - 2014-09-25 10:12 - 00000000 ____D () C:\Program Files\CCleaner

2014-09-24 09:37 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-09-24 09:37 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-18 09:41 - 2014-09-18 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-16 10:36 - 2014-09-16 10:36 - 00001039 _____ () C:\Users\Public\Desktop\Gizmos - Rätsel des Universums.lnk

2014-09-16 10:36 - 2014-09-16 10:36 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Western Software Technologies

2014-09-12 00:29 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-12 00:29 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-12 00:29 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-12 00:29 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-12 00:29 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-12 00:29 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-12 00:29 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-12 00:29 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-12 00:29 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-12 00:29 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-12 00:29 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-12 00:29 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-12 00:29 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-12 00:29 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-12 00:29 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-12 00:29 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-12 00:29 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-12 00:29 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-12 00:29 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-12 00:29 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-12 00:29 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-12 00:29 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-12 00:29 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-12 00:29 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-12 00:29 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-12 00:29 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-12 00:29 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-12 00:29 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-12 00:29 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-12 00:29 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-12 00:29 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-12 00:29 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-12 00:29 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-12 00:29 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-12 00:29 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-12 00:29 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-12 00:29 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-12 00:29 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-12 00:29 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-12 00:29 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-12 00:29 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-12 00:29 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-12 00:29 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-12 00:29 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-12 00:29 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-12 00:29 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-12 00:29 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-12 00:29 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-12 00:29 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-12 00:29 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-12 00:29 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-12 00:29 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-12 00:28 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-12 00:28 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-12 00:28 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-12 00:28 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-12 00:22 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-12 00:22 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-11 21:21 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-09-11 21:21 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-09-11 21:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-11 21:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-11 21:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-11 21:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-11 21:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-11 21:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-11 21:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-11 21:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-11 21:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-08 08:34 - 2014-10-03 17:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-08 08:34 - 2014-10-03 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-09-08 08:34 - 2014-10-03 16:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-08 08:34 - 2014-09-27 11:42 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-09-08 08:34 - 2014-09-27 11:42 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-09-07 21:43 - 2014-09-25 11:24 - 00000000 ____D () C:\ProgramData\Yahoo!

2014-09-07 21:43 - 2014-09-07 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger

2014-09-07 21:39 - 2014-09-25 11:24 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-10-03 17:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-03 17:08 - 2014-02-15 19:58 - 00001004 _____ () C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-10-03 17:08 - 2014-02-15 19:35 - 01305411 _____ () C:\Windows\WindowsUpdate.log

2014-10-03 17:08 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-03 17:08 - 2009-07-14 06:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-03 16:25 - 2014-02-15 21:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-03 14:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI

2014-10-03 10:25 - 2014-02-15 20:28 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Skype

2014-10-03 10:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-03 09:53 - 2014-02-20 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT

2014-10-02 20:17 - 2014-02-15 20:03 - 00000000 ____D () C:\Users\Marion\AppData\Local\CrashDumps

2014-10-02 13:57 - 2014-06-02 11:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2014-10-02 13:34 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\Adobe

2014-10-02 09:16 - 2014-02-21 21:35 - 00000000 ____D () C:\Users\Marion\Desktop\Spiele

2014-09-29 19:55 - 2014-02-15 21:23 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\vlc

2014-09-29 13:13 - 2014-08-10 20:12 - 00000000 ____D () C:\Users\Marion\Documents\8floor

2014-09-27 12:26 - 2014-02-15 23:24 - 00000000 ____D () C:\Program Files (x86)\Acronis

2014-09-27 12:25 - 2014-02-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis

2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\ProgramData\Avira

2014-09-27 11:55 - 2014-02-23 00:08 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-09-27 11:41 - 2014-08-05 09:10 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-27 11:04 - 2014-02-15 23:16 - 00001185 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2014-09-27 09:13 - 2014-06-04 09:10 - 00003854 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1392487835

2014-09-27 09:13 - 2014-02-15 20:10 - 00000000 ____D () C:\Program Files (x86)\Opera

2014-09-26 12:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-25 18:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-09-25 16:31 - 2014-02-15 23:42 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm

2014-09-25 11:36 - 2014-02-24 21:59 - 00000000 ____D () C:\Users\Marion\Documents\EfficientPIM AutoBackup

2014-09-25 11:36 - 2014-02-16 00:56 - 00598016 _____ () C:\Users\Marion\Documents\MyStickyNotes.esn

2014-09-25 11:13 - 2014-02-15 19:58 - 00000000 ____D () C:\Users\Marion\AppData\Local\VirtualStore

2014-09-25 10:32 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-09-25 10:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-09-25 10:15 - 2014-02-15 23:16 - 00000000 ____D () C:\Users\Marion\AppData\Roaming\TeamViewer

2014-09-25 10:15 - 2013-11-19 11:32 - 00000000 ____D () C:\Windows\Panther

2014-09-24 19:25 - 2014-02-15 21:09 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-24 19:25 - 2014-02-15 21:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-24 19:25 - 2014-02-15 21:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-23 09:35 - 2014-02-15 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-23 09:33 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-20 09:09 - 2014-02-21 10:34 - 00000000 ____D () C:\Users\Acronis Agent User\AppData\Local\CrashDumps

2014-09-18 09:41 - 2014-02-15 20:28 - 00000000 ____D () C:\ProgramData\Skype

2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-09-13 10:05 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Marion\Documents\Outlook-Dateien

2014-09-12 00:28 - 2014-02-15 21:31 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-12 00:28 - 2013-11-19 11:37 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-12 00:28 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat

2014-09-12 00:28 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat

2014-09-12 00:28 - 2009-07-14 07:13 - 01592628 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-12 00:27 - 2014-02-18 10:34 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-12 00:22 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-09-10 21:46 - 2014-02-15 21:08 - 00000000 ____D () C:\Users\Marion\AppData\Local\Adobe

2014-09-08 08:47 - 2014-02-15 21:09 - 00000000 ____D () C:\Users\Marion\AppData\Local\Google

2014-09-08 08:34 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files (x86)\Google
 

Some content of TEMP:

====================

C:\Users\Marion\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-26 12:35
 

==================== End Of Log ============================

--- --- ---

--- --- ---